Export limit exceeded: 363299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0956 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-0957 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure. | ||||
| CVE-2014-0958 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | N/A |
| Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2014-0959 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | N/A |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. | ||||
| CVE-2014-0960 | 1 Ibm | 1 Pureapplication System | 2025-04-12 | N/A |
| IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine. | ||||
| CVE-2014-0961 | 1 Ibm | 2 Security Identity Manager, Tivoli Identity Manager | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2014-0963 | 1 Ibm | 2 Security Access Manager For Web Appliance, Security Access Manager For Web Software | 2025-04-12 | N/A |
| The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages. | ||||
| CVE-2014-0964 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. | ||||
| CVE-2014-0965 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. | ||||
| CVE-2014-0966 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-0967 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2014-0968 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document. | ||||
| CVE-2014-0969 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to hijack the authentication of arbitrary users. | ||||
| CVE-2014-0970 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | N/A |
| The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors. | ||||
| CVE-2014-0972 | 1 Codeaurora | 1 Android-msm | 2025-04-12 | N/A |
| The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register. | ||||
| CVE-2014-0973 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2025-04-12 | N/A |
| The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data. | ||||
| CVE-2014-0974 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2025-04-12 | N/A |
| The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. | ||||
| CVE-2014-0989 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | N/A |
| Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. | ||||
| CVE-2014-0981 | 1 Oracle | 1 Vm Virtualbox | 2025-04-12 | N/A |
| VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982. | ||||
| CVE-2014-0983 | 1 Oracle | 1 Vm Virtualbox | 2025-04-12 | N/A |
| Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function. | ||||