Export limit exceeded: 364818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364818 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8583 | 1 Modwsgi | 1 Mod Wsgi | 2025-04-12 | N/A |
| mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. | ||||
| CVE-2014-8584 | 1 Web-dorado | 1 Web-dorado Spider Video Player | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-8762 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-12 | N/A |
| The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. | ||||
| CVE-2014-8585 | 1 W3eden | 1 Download Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. | ||||
| CVE-2014-8586 | 1 Cp Multi View Event Calendar Project | 1 Cp Multi View Event Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | ||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2025-04-12 | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | ||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2025-04-12 | N/A |
| Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | ||||
| CVE-2014-8590 | 1 Sap | 1 Netweaver Java Application Server | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. | ||||
| CVE-2014-8591 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | ||||
| CVE-2014-8592 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | ||||
| CVE-2014-8593 | 1 Allomani | 1 Allomani Weblinks | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php. | ||||
| CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | ||||
| CVE-2014-8595 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | N/A |
| arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. | ||||
| CVE-2014-8596 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | ||||
| CVE-2014-8600 | 3 Kde, Opensuse, Urs Wolfer | 4 Kde-runtime, Kio-extras, Opensuse and 1 more | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. | ||||
| CVE-2014-8601 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2025-04-12 | N/A |
| PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. | ||||
| CVE-2014-8602 | 4 Canonical, Debian, Nlnetlabs and 1 more | 4 Ubuntu Linux, Debian Linux, Unbound and 1 more | 2025-04-12 | N/A |
| iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | ||||
| CVE-2014-8603 | 1 Xcloner | 1 Xcloner | 2025-04-12 | N/A |
| cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable. | ||||
| CVE-2014-8604 | 1 Xcloner | 1 Xcloner | 2025-04-12 | N/A |
| The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||