Export limit exceeded: 363701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363701 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1837 | 1 Stackideas | 1 Komento | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments." | ||||
| CVE-2014-1861 | 1 Jetroplatforms | 1 Jetro Cockpit Secure Browsing | 2025-04-11 | N/A |
| The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension. | ||||
| CVE-2014-1869 | 2 Redhat, Zeroclipboard Project | 2 Openshift, Zeroclipboard | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). | ||||
| CVE-2014-1870 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2025-04-11 | N/A |
| Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | ||||
| CVE-2014-1876 | 2 Oracle, Redhat | 5 Openjdk, Enterprise Linux, Network Satellite and 2 more | 2025-04-11 | N/A |
| The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | ||||
| CVE-2014-1879 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. | ||||
| CVE-2014-1962 | 1 Sap | 1 Customer Relationship Management | 2025-04-11 | N/A |
| Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-1963 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | ||||
| CVE-2014-1903 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2025-04-11 | N/A |
| admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. | ||||
| CVE-2014-1910 | 1 Citrix | 2 Sharefile Mobile, Sharefile Mobile For Tablets | 2025-04-11 | N/A |
| Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-1914 | 1 Doug Poulin | 1 Command School Student Management System | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php. | ||||
| CVE-2014-1915 | 1 Doug Poulin | 1 Command School Student Management System | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914. | ||||
| CVE-2014-1916 | 1 Light Speed Gaming | 2 Mumble, Mumblekit | 2025-04-11 | N/A |
| The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet. | ||||
| CVE-2014-1921 | 1 Parcimonie Project | 1 Parcimonie | 2025-04-11 | N/A |
| parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors. | ||||
| CVE-2014-1930 | 1 Visibility Software | 1 Cyber Recruiter | 2025-04-11 | N/A |
| Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
| CVE-2014-1931 | 1 Visibility Software | 1 Cyber Recruiter | 2025-04-11 | N/A |
| The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests. | ||||
| CVE-2014-1943 | 5 Canonical, Debian, Fine Free File Project and 2 more | 6 Ubuntu Linux, Debian Linux, Fine Free File and 3 more | 2025-04-11 | N/A |
| Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | ||||
| CVE-2014-1948 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-11 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. | ||||
| CVE-2014-1950 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. | ||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2025-04-11 | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||