Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8272 2 Dell, Intel 4 Idrac6 Modular, Idrac6 Monolithic, Idrac7 and 1 more 2025-04-12 N/A
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
CVE-2014-8173 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 N/A
The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.
CVE-2014-8162 2 Redhat, Suse 2 Network Satellite, Manager 2025-04-12 N/A
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
CVE-2014-8151 2 Apple, Haxx 2 Mac Os X, Libcurl 2025-04-12 N/A
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2014-8150 4 Canonical, Debian, Haxx and 1 more 4 Ubuntu Linux, Debian Linux, Libcurl and 1 more 2025-04-12 N/A
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
CVE-2014-8142 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Software Collections 2025-04-12 N/A
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.
CVE-2014-8137 2 Jasper Project, Redhat 3 Jasper, Enterprise Linux, Rhev Manager 2025-04-12 N/A
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2014-8135 1 Redhat 1 Libvirt 2025-04-12 N/A
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.
CVE-2014-8132 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 N/A
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2014-8125 1 Redhat 4 Drools, Jboss Bpms, Jboss Brms and 1 more 2025-04-12 N/A
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
CVE-2014-8108 3 Apache, Apple, Redhat 7 Subversion, Xcode, Enterprise Linux and 4 more 2025-04-12 N/A
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
CVE-2014-7294 1 Nyu 1 Opensso Integration 2025-04-12 N/A
Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2014-7292 1 Newtelligence 1 Dasblog 2025-04-12 N/A
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.
CVE-2014-4851 1 Foecms 1 Foecms 2025-04-12 N/A
Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter.
CVE-2014-4834 1 Ibm 1 Websphere Commerce 2025-04-12 N/A
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2014-4815 1 Ibm 1 Ibm Rational Lifecycle Integration Adapter For Windchill 2025-04-12 N/A
Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-4803 1 Ibm 1 Curam Social Program Management 2025-04-12 N/A
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.
CVE-2014-4769 1 Ibm 1 Websphere Commerce 2025-04-12 N/A
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-4760 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVE-2014-4756 1 Ibm 1 Rational License Key Server 2025-04-12 N/A
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.