Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1950 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. | ||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2025-04-11 | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-1961 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | ||||
| CVE-2014-1964 | 1 Sap | 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | ||||
| CVE-2014-1965 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | ||||
| CVE-2014-1966 | 1 Siemens | 3 Ruggedcom Rs950g, Ruggedcom Rsg2488, Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets. | ||||
| CVE-2014-2018 | 1 Mozilla | 3 Seamonkey, Thunderbird, Thunderbird Esr | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674. | ||||
| CVE-2014-2019 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.6 Medium |
| The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | ||||
| CVE-2014-2020 | 1 Php | 1 Php | 2025-04-11 | N/A |
| ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | ||||
| CVE-2009-3999 | 1 Hp | 1 Power Manager | 2025-04-11 | N/A |
| Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. | ||||
| CVE-2011-4684 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases." | ||||
| CVE-2011-4807 | 1 Phpalbum | 1 Phpalbum | 2025-04-11 | N/A |
| Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. | ||||
| CVE-2011-4835 | 1 Homeseer | 1 Homeseer Hs2 | 2025-04-11 | N/A |
| Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors. | ||||
| CVE-2011-5168 | 1 Bananadance | 1 Banana Dance | 2025-04-11 | N/A |
| SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2010-0695 | 1 Basic-cms | 1 Basic-cms | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter. | ||||
| CVE-2010-0904 | 1 Oracle | 1 Secure Backup | 2025-04-11 | N/A |
| Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors. | ||||
| CVE-2010-3250 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors. | ||||
| CVE-2010-3256 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors. | ||||
| CVE-2010-3258 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors. | ||||
| CVE-2010-4721 | 1 Mhproducts | 1 Immo Makler | 2025-04-11 | N/A |
| SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||