Search

Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9488 2 Gnu, Opensuse 2 Less, Opensuse 2025-04-12 N/A
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
CVE-2014-9490 1 Getsentry 1 Raven-ruby 2025-04-12 N/A
The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.
CVE-2014-9491 1 Illumos 1 Illumos 2025-04-12 N/A
The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors.
CVE-2014-9493 2 Openstack, Redhat 2 Image Registry And Delivery Service \(glance\), Openstack 2025-04-12 N/A
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
CVE-2014-9494 1 Pivotal Software 1 Rabbitmq 2025-04-12 N/A
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
CVE-2014-9498 1 Webform Invitation Project 1 Webform Invitation 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title.
CVE-2014-9499 1 Godwin\'s Law Project 1 Godwin\'s Law 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message.
CVE-2014-9500 1 Moip Project 1 Moip 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback.
CVE-2014-9501 1 Poll Chart Block Project 1 Poll Chart Block 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title.
CVE-2014-9505 1 School Administration Project 1 School Administration 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title.
CVE-2014-9506 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
CVE-2014-9507 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.
CVE-2014-9508 1 Typo3 1 Typo3 2025-04-12 N/A
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
CVE-2014-9509 1 Typo3 1 Typo3 2025-04-12 N/A
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
CVE-2014-9510 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.
CVE-2014-9512 3 Opensuse, Oracle, Samba 3 Opensuse, Solaris, Rsync 2025-04-12 N/A
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-9516 1 Social Microblogging Pro Project 1 Social Microblogging Pro 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
CVE-2014-9517 1 Dlink 2 Dcs-2103, Dcs-2103 Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
CVE-2014-9518 1 D-link 2 Dir-655, Dir-655 Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.
CVE-2014-9519 1 Infinitewp 1 Infinitewp 2025-04-12 N/A
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.