Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2827 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-4063. | ||||
| CVE-2014-2828 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-12 | N/A |
| The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." | ||||
| CVE-2014-2829 | 1 Erlang-solutions | 1 Mongooseim | 2025-04-12 | N/A |
| Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | ||||
| CVE-2014-2830 | 1 Debian | 1 Cifs-utils | 2025-04-12 | N/A |
| Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2014-2838 | 1 Dev4press | 1 Gd Star Rating | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2014-2839 | 1 Dev4press | 1 Gd Star Rating | 2025-04-12 | N/A |
| SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php. | ||||
| CVE-2014-2842 | 1 Juniper | 1 Screenos | 2025-04-12 | N/A |
| Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. | ||||
| CVE-2014-2844 | 1 F-secure | 1 Secure Messaging Secure Gateway | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin. | ||||
| CVE-2014-2846 | 1 Westerndigital | 1 Arkeia Virtual Appliance Firmware | 2025-04-12 | N/A |
| Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | ||||
| CVE-2014-2847 | 1 Construtiva | 1 Cis Manager Cms | 2025-04-12 | N/A |
| SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | ||||
| CVE-2014-2848 | 1 Tenable | 2 Nessus, Plugin-set | 2025-04-12 | N/A |
| A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | ||||
| CVE-2014-2849 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-12 | N/A |
| The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | ||||
| CVE-2014-2850 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-12 | N/A |
| The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | ||||
| CVE-2014-2851 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. | ||||
| CVE-2014-2852 | 1 Openafs | 1 Openafs | 2025-04-12 | N/A |
| OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet. | ||||
| CVE-2014-2854 | 1 Semantictitle Project | 1 Semantictitle | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-2855 | 1 Samba | 1 Rsync | 2025-04-12 | N/A |
| The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. | ||||
| CVE-2014-2856 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. | ||||
| CVE-2014-2857 | 1 Gopivotal | 2 Grails, Grails-resources | 2025-04-12 | N/A |
| The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5. | ||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | ||||