Export limit exceeded: 363308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2200 1 Cisco 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more 2025-04-12 N/A
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.
CVE-2014-2201 1 Cisco 7 Mds 9000, Mds 9100, Nexus 7000 and 4 more 2025-04-12 N/A
The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.
CVE-2014-2205 1 Mcafee 1 Epolicy Orchestrator 2025-04-12 N/A
The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.
CVE-2014-2206 1 Getgosoft 1 Getgo Download Manager 2025-04-12 N/A
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.
CVE-2014-2208 1 Facebook 1 Hiphop Virtual Machine 2025-04-12 N/A
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.
CVE-2014-2209 1 Facebook 1 Hiphop Virtual Machine 2025-04-12 N/A
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
CVE-2014-2211 1 Posh Project 1 Posh 2025-04-12 N/A
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
CVE-2014-2212 1 Posh Project 1 Posh 2025-04-12 N/A
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
CVE-2014-2216 1 Fortinet 1 Fortios 2025-04-12 N/A
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request.
CVE-2014-3273 1 Cisco 1 Ios 2025-04-12 N/A
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
CVE-2014-2219 1 Cmsimple 1 Cmsimple Classic 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.
CVE-2014-2223 1 Plogger 1 Plogger 2025-04-12 N/A
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
CVE-2014-2224 1 Plogger 1 Plogger 2025-04-12 N/A
Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions.
CVE-2014-2226 1 Ui 1 Unifi Controller 2025-04-12 N/A
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2014-2227 1 Ui 1 Unifi Video 2025-04-12 N/A
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
CVE-2014-2253 1 Siemens 1 Simatic S7-1500 Cpu Firmware 2025-04-12 N/A
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets.
CVE-2014-2230 1 Openx 1 Openx 2025-04-12 N/A
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
CVE-2014-2231 1 I-doit 1 I-doit 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.
CVE-2014-2232 1 Infoware 1 Mapsuite 2025-04-12 N/A
Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-2233 1 Infoware 1 Mapsuite 2025-04-12 N/A
Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.