Search Results (23533 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0588 5 Adobe, Apple, Linux and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438.
CVE-2014-0589 5 Adobe, Apple, Linux and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2025-04-12 N/A
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582.
CVE-2014-1545 2 Mozilla, Redhat 2 Netscape Portable Runtime, Enterprise Linux 2025-04-12 N/A
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
CVE-2014-1583 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.
CVE-2014-1739 4 Canonical, Linux, Redhat and 1 more 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-12 N/A
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
CVE-2014-2015 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2025-04-12 N/A
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
CVE-2014-2064 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
CVE-2014-2065 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
CVE-2014-2066 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
CVE-2014-2067 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
CVE-2014-2068 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
CVE-2014-2403 4 Canonical, Debian, Oracle and 1 more 7 Ubuntu Linux, Debian Linux, Jdk and 4 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
CVE-2014-2483 3 Debian, Oracle, Redhat 6 Debian Linux, Jdk, Jre and 3 more 2025-04-12 N/A
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
CVE-2014-2568 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.
CVE-2014-3122 4 Canonical, Debian, Linux and 1 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2025-04-12 N/A
The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.
CVE-2014-3192 3 Apple, Google, Redhat 10 Iphone Os, Itunes, Safari and 7 more 2025-04-12 N/A
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2014-3193 2 Google, Redhat 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more 2025-04-12 N/A
The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing.
CVE-2014-3194 2 Google, Redhat 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more 2025-04-12 N/A
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2014-3195 2 Google, Redhat 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more 2025-04-12 N/A
Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc.
CVE-2014-3197 2 Google, Redhat 6 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 3 more 2025-04-12 N/A
The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.