Vulnerabilities (CVE)

Filtered by CWE-20
Total 11609 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5376 1 Adaptivecomputing 1 Moab 2026-06-17 4.0 MEDIUM N/A
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message.
CVE-2014-5375 1 Adaptivecomputing 1 Moab 2026-06-17 4.0 MEDIUM N/A
The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags.
CVE-2014-5362 1 Landesk 1 Landesk Management Suite 2026-06-17 6.5 MEDIUM 7.2 HIGH
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.
CVE-2014-5336 1 Monkey-project 1 Monkey 2026-06-17 4.3 MEDIUM N/A
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.
CVE-2014-5289 1 Senkas Kolibri Project 1 Senkas Kolibri 2026-06-17 7.5 HIGH 9.8 CRITICAL
Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.
CVE-2014-5282 1 Docker 1 Docker 2026-06-17 5.5 MEDIUM 8.1 HIGH
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
CVE-2014-5243 1 Mediawiki 1 Mediawiki 2026-06-17 4.3 MEDIUM N/A
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CVE-2014-5177 2 Opensuse, Redhat 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more 2026-06-17 1.2 LOW N/A
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
CVE-2014-5170 1 Drupal 1 Storage Api 2026-06-17 7.5 HIGH 9.8 CRITICAL
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
CVE-2014-5120 1 Php 1 Php 2026-06-17 6.4 MEDIUM N/A
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
CVE-2014-5118 3 Fedoraproject, Redhat, Trusted Boot Project 3 Fedora, Enterprise Linux, Trusted Boot 2026-06-17 2.1 LOW 5.5 MEDIUM
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
CVE-2014-5092 1 Status2k 1 Status2k 2026-06-17 6.5 MEDIUM 8.8 HIGH
Status2k allows Remote Command Execution in admin/options/editpl.php.
CVE-2014-5091 1 Status2k 1 Status2k 2026-06-17 10.0 HIGH 9.8 CRITICAL
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
CVE-2014-5087 3 Sphider, Sphider-plus, Sphiderpro 3 Sphider, Sphider-plus, Sphider Pro 2026-06-17 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
CVE-2014-5019 1 Drupal 1 Drupal 2026-06-17 5.0 MEDIUM N/A
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
CVE-2014-5003 1 Ciborg Project 1 Ciborg 2026-06-17 2.1 LOW 5.5 MEDIUM
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.
CVE-2014-4994 1 Gyazo Project 1 Gyazo 2026-06-17 2.1 LOW 5.5 MEDIUM
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.
CVE-2014-4973 1 Eset 2 Endpoint Security, Smart Security 2026-06-17 6.9 MEDIUM N/A
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.
CVE-2014-4971 1 Microsoft 1 Windows Xp 2026-06-17 7.2 HIGH N/A
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
CVE-2014-4870 1 Brocade 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software 2026-06-17 7.2 HIGH N/A
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.