Search

Search Results (363726 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4634 1 Emc 2 Appsync, Replication Manager 2025-04-12 N/A
Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
CVE-2014-4635 1 Emc 1 Documentum Wdk 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4636 1 Emc 1 Documentum Wdk 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
CVE-2014-4637 1 Emc 1 Documentum Wdk 2025-04-12 N/A
Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.
CVE-2014-4638 1 Emc 1 Documentum Wdk 2025-04-12 N/A
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.
CVE-2014-4639 1 Emc 1 Documentum Wdk 2025-04-12 N/A
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.
CVE-2014-4643 1 Coreftp 1 Core Ftp 2025-04-12 N/A
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
CVE-2014-4644 1 Cacti 1 Superlinks 2025-04-12 N/A
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2014-4645 1 Dlink 1 Dsl-2760u-e1 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
CVE-2014-4646 1 Foxitsoftware 1 Foxit Pdf Sdk Dll 2025-04-12 N/A
Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors.
CVE-2014-4647 1 Embarcadero 1 Er\/studio Data Architect 2025-04-12 N/A
Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-4648 1 Piwigo 1 Piwigo 2025-04-12 N/A
Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."
CVE-2014-4649 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
CVE-2014-4652 4 Canonical, Linux, Redhat and 1 more 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more 2025-04-12 N/A
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
CVE-2014-4653 4 Canonical, Linux, Redhat and 1 more 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-12 N/A
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
CVE-2014-4654 4 Canonical, Linux, Redhat and 1 more 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-12 N/A
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
CVE-2014-4655 4 Canonical, Linux, Redhat and 1 more 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-12 N/A
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
CVE-2014-4656 4 Canonical, Linux, Redhat and 1 more 11 Ubuntu Linux, Linux Kernel, Enterprise Linux and 8 more 2025-04-12 N/A
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
CVE-2014-4736 1 Blogengine 1 E2 2025-04-12 N/A
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
CVE-2014-4661 1 Hp 1 Records Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.