Search Results (9606 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7995 1 Cisco 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more 2025-04-12 N/A
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077.
CVE-2014-7998 1 Cisco 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more 2025-04-12 N/A
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.
CVE-2014-7999 1 Cisco 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more 2025-04-12 N/A
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.
CVE-2014-8000 1 Cisco 1 Unified Communications Manager Im And Presence Service 2025-04-12 N/A
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.
CVE-2014-8015 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.
CVE-2014-8023 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533.
CVE-2014-8027 1 Cisco 1 Secure Access Control System 2025-04-12 N/A
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.
CVE-2014-8072 1 Openmrs 1 Openmrs 2025-04-12 N/A
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
CVE-2014-8114 1 Redhat 3 Jboss Bpms, Jboss Brms, Uberfire 2025-04-12 N/A
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
CVE-2014-8115 1 Redhat 3 Jboss Bpms, Jboss Brms, Kie Workbench 2025-04-12 N/A
The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.
CVE-2014-8131 1 Redhat 1 Libvirt 2025-04-12 N/A
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.
CVE-2014-8133 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 N/A
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.
CVE-2014-8136 4 Canonical, Mageia, Opensuse and 1 more 10 Ubuntu Linux, Mageia, Opensuse and 7 more 2025-04-12 N/A
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
CVE-2014-8143 1 Samba 1 Samba 2025-04-12 N/A
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
CVE-2014-8148 2 Midgard-project, Opensuse 2 Midgard2, Opensuse 2025-04-12 N/A
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
CVE-2014-8159 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 N/A
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE-2014-8169 3 Automount Project, Opensuse, Redhat 7 Automount, Opensuse, Enterprise Linux and 4 more 2025-04-12 N/A
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
CVE-2014-8175 1 Redhat 2 Jboss Amq, Jboss Fuse 2025-04-12 N/A
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
CVE-2014-8268 1 Qpr 1 Portal 2025-04-12 N/A
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request.
CVE-2014-8270 1 Bmc 1 Track-it\! 2025-04-12 N/A
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.