Search

Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3898 1 Fujitsu 1 Serverview Operations Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3899 1 Gomlab 1 Gom Player 2025-04-12 N/A
Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file.
CVE-2014-3900 1 Piwigo 1 Piwigo 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649.
CVE-2014-3901 1 Raritan 2 Dominion Kx Ii-101, Dominion Kx Ii-101 Firmware 2025-04-12 N/A
Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet.
CVE-2014-3902 1 Cyberagent 1 Ameba 2025-04-12 N/A
The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3906 1 Kk-osk 2 Advance-flow, Advance-flow Forms 2025-04-12 N/A
SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-3907 1 Mailpoet 1 Mailpoet Newsletters 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-3908 1 Amazon 1 Kindle 2025-04-12 N/A
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3909 1 Falconsc 1 Wisepoint 2025-04-12 N/A
Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-3910 1 Emurasoft 1 Emftp 2025-04-12 N/A
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension.
CVE-2014-3911 1 Samsung 1 Ipolis Device Manager 2025-04-12 N/A
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
CVE-2014-3912 1 Samsung 1 Ipolis Device Manager 2025-04-12 N/A
Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value.
CVE-2014-3913 1 Ericom 1 Accessnow Server 2025-04-12 N/A
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
CVE-2014-3922 1 Trendmicro 1 Interscan Messaging Security Virtual Appliance 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.
CVE-2014-3914 1 Rocketsoftware 1 Rocket Servergraph 2025-04-12 N/A
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
CVE-2014-3915 1 Rocketsoftware 1 Rocket Servergraph 2025-04-12 N/A
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.
CVE-2014-3916 1 Rubyonrails 1 Rails 2025-04-12 N/A
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
CVE-2014-3917 3 Linux, Redhat, Suse 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-12 N/A
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
CVE-2014-3920 1 Kanboard 1 Kanboard 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.
CVE-2014-3921 1 Simple Popup Project 1 Simple Popup 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.