Total
5271 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5356 | 2 Canonical, Openstack | 2 Ubuntu Linux, Image Registry And Delivery Service \(glance\) | 2026-06-17 | 4.0 MEDIUM | N/A |
| OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. | |||||
| CVE-2014-5337 | 2 Wordpress Mobile Pack Project, Wpmobilepack | 2 Wordpress Mobile Pack, Wordpress Mobile Pack | 2026-06-17 | 5.0 MEDIUM | N/A |
| The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php. | |||||
| CVE-2014-5318 | 1 Jig | 1 Jigbrowser\+ | 2026-06-17 | 5.8 MEDIUM | N/A |
| The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||||
| CVE-2014-5298 | 1 X2engine | 1 X2engine | 2026-06-17 | 5.0 MEDIUM | N/A |
| FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program. | |||||
| CVE-2014-5286 | 1 Tibco | 3 Activematrix Management Agent, Activematrix Policy Agent, Activematrix Policy Manager | 2026-06-17 | 6.4 MEDIUM | N/A |
| The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-5284 | 1 Ossec | 1 Ossec | 2026-06-17 | 7.2 HIGH | N/A |
| host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. | |||||
| CVE-2014-5269 | 1 Plack Project | 1 Plack | 2026-06-17 | 5.0 MEDIUM | N/A |
| Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static. | |||||
| CVE-2014-5268 | 1 Fasttoggle Project | 1 Fasttoggle | 2026-06-17 | 5.8 MEDIUM | N/A |
| The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. | |||||
| CVE-2014-5267 | 1 Drupal | 1 Drupal | 2026-06-17 | 6.8 MEDIUM | N/A |
| modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | |||||
| CVE-2014-5247 | 1 Spi-inc | 1 Ganeti | 2026-06-17 | 2.1 LOW | N/A |
| The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command. | |||||
| CVE-2014-5246 | 1 Tenda | 2 A5s, A5s Firmware | 2026-06-17 | 10.0 HIGH | N/A |
| The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. | |||||
| CVE-2014-5232 | 2 Apple, Siemens | 2 Iphone Os, Simatic Wincc Sm\@rtclient | 2026-06-17 | 1.9 LOW | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. | |||||
| CVE-2014-5179 | 2 Freelinking For Case Tracker Project, Freelinking Project | 2 Freelinking For Case Tracker, Freelinking | 2026-06-17 | 4.3 MEDIUM | N/A |
| The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link. | |||||
| CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2026-06-17 | 3.5 LOW | N/A |
| The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-5173 | 1 Sap | 1 Hana Extended Application Services | 2026-06-17 | 5.0 MEDIUM | N/A |
| SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. | |||||
| CVE-2014-5147 | 1 Xen | 1 Xen | 2026-06-17 | 4.3 MEDIUM | N/A |
| Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process. | |||||
| CVE-2014-5070 | 1 Microsemi | 2 S350i, S350i Firmware | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | |||||
| CVE-2014-5040 | 1 Eucalyptus | 1 Eucalyptus | 2026-06-17 | 4.6 MEDIUM | 6.8 MEDIUM |
| HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID. | |||||
| CVE-2014-5032 | 1 Glpi-project | 1 Glpi | 2026-06-17 | 5.0 MEDIUM | N/A |
| GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | |||||
| CVE-2014-5031 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2026-06-17 | 5.0 MEDIUM | N/A |
| The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. | |||||
