Export limit exceeded: 367118 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367118 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9579 | 1 Vdgsecurity | 1 Vdg Sense | 2025-04-12 | N/A |
| VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. | ||||
| CVE-2014-9580 | 1 Projectsend | 1 Projectsend | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information. | ||||
| CVE-2014-9581 | 1 Codiad | 1 Codiad | 2025-04-12 | N/A |
| Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | ||||
| CVE-2014-9582 | 1 Codiad | 1 Codiad | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | ||||
| CVE-2014-9583 | 2 Asus, T-mobile | 4 Rt-ac66u, Rt-n66u, Wrt Firmware and 1 more | 2025-04-12 | N/A |
| common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. | ||||
| CVE-2014-9585 | 7 Canonical, Debian, Fedoraproject and 4 more | 22 Ubuntu Linux, Debian Linux, Fedora and 19 more | 2025-04-12 | N/A |
| The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. | ||||
| CVE-2014-9593 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
| Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | ||||
| CVE-2014-9594 | 1 Sap | 1 Sap Kernel | 2025-04-12 | N/A |
| Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. | ||||
| CVE-2014-9595 | 1 Sap | 1 Sap Kernel | 2025-04-12 | N/A |
| Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. | ||||
| CVE-2014-9596 | 1 Panasonic | 4 Arbitrator Back-end Server Mk 2.0 Vpu, Arbitrator Back-end Server Mk 2.0 Vpu Firmware, Arbitrator Back-end Server Mk 3.0 Vpu and 1 more | 2025-04-12 | N/A |
| Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. | ||||
| CVE-2014-9597 | 1 Videolan | 1 Vlc Media Player | 2025-04-12 | N/A |
| The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file. | ||||
| CVE-2014-9598 | 1 Videolan | 1 Vlc Media Player | 2025-04-12 | N/A |
| The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file. | ||||
| CVE-2014-9599 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php. | ||||
| CVE-2014-9600 | 1 Macroplant | 1 Iexplorer | 2025-04-12 | N/A |
| Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll. | ||||
| CVE-2014-9601 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Opensuse, Solaris and 1 more | 2025-04-12 | N/A |
| Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | ||||
| CVE-2014-9602 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data. | ||||
| CVE-2014-9603 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data. | ||||
| CVE-2014-9604 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | N/A |
| libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions. | ||||
| CVE-2014-9605 | 1 Netsweeper | 1 Netsweeper | 2025-04-12 | N/A |
| WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate. | ||||
| CVE-2014-9620 | 2 File Project, Redhat | 2 File, Enterprise Linux | 2025-04-12 | N/A |
| The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. | ||||