EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.
Max CVSS
7.8
EPSS Score
0.48%
Published
2014-12-07
Updated
2018-10-09
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.53%
Published
2014-12-10
Updated
2018-12-20
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."
Max CVSS
7.8
EPSS Score
42.92%
Published
2014-11-25
Updated
2015-02-17
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
Max CVSS
7.8
EPSS Score
32.47%
Published
2014-11-28
Updated
2014-11-28
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request.
Max CVSS
7.5
EPSS Score
0.67%
Published
2014-11-01
Updated
2014-11-04
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
Max CVSS
7.8
EPSS Score
28.88%
Published
2014-06-18
Updated
2014-06-19
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.
Max CVSS
7.5
EPSS Score
0.84%
Published
2014-07-22
Updated
2023-02-13
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
Max CVSS
7.5
EPSS Score
0.71%
Published
2014-11-05
Updated
2014-11-05
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
Max CVSS
7.8
EPSS Score
0.16%
Published
2014-03-02
Updated
2014-03-03
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.
Max CVSS
7.5
EPSS Score
1.03%
Published
2014-03-19
Updated
2023-09-12

CVE-2014-0644

Public exploit
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Max CVSS
7.8
EPSS Score
36.40%
Published
2014-04-17
Updated
2014-04-17
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
Max CVSS
7.8
EPSS Score
77.11%
Published
2014-08-29
Updated
2017-01-07
The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."
Max CVSS
7.1
EPSS Score
96.52%
Published
2014-02-12
Updated
2019-05-13
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.
Max CVSS
7.5
EPSS Score
0.24%
Published
2014-04-29
Updated
2014-04-30
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Max CVSS
7.1
EPSS Score
0.76%
Published
2014-02-06
Updated
2017-08-29
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-11-16
Updated
2017-08-29
16 vulnerabilities found