Export limit exceeded: 363527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1444 1 Linux 1 Linux Kernel 2025-04-11 N/A
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.
CVE-2014-1445 1 Linux 1 Linux Kernel 2025-04-11 N/A
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.
CVE-2014-1446 1 Linux 1 Linux Kernel 2025-04-11 N/A
The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.
CVE-2014-1447 1 Redhat 2 Enterprise Linux, Libvirt 2025-04-11 N/A
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.
CVE-2014-1452 1 Freebsd 1 Freebsd 2025-04-11 N/A
Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request.
CVE-2014-1472 1 Mcafee 1 Vulnerability Manager 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1458 1 Fortinet 1 Fortiweb 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1459 1 Doorgets 1 Doorgets Cms 2025-04-11 N/A
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVE-2014-1466 1 Csp Mysql User Manager Project 1 Csp Mysql User Manager 2025-04-11 N/A
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.
CVE-2014-1467 1 Blackberry 4 Blackberry Enterprise Service, Blackberry Universal Device Service, Enterprise Server and 1 more 2025-04-11 N/A
BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.
CVE-2014-1471 1 Otrs 1 Otrs 2025-04-11 N/A
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.
CVE-2014-1473 1 Mcafee 1 Vulnerability Manager 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."
CVE-2014-1475 1 Drupal 1 Drupal 2025-04-11 N/A
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
CVE-2014-1476 1 Drupal 1 Drupal 2025-04-11 N/A
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
CVE-2014-1478 4 Canonical, Mozilla, Opensuse and 1 more 5 Ubuntu Linux, Firefox, Seamonkey and 2 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.
CVE-2014-1480 5 Canonical, Mozilla, Opensuse and 2 more 8 Ubuntu Linux, Firefox, Seamonkey and 5 more 2025-04-11 N/A
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
CVE-2014-1483 5 Canonical, Mozilla, Opensuse and 2 more 8 Ubuntu Linux, Firefox, Seamonkey and 5 more 2025-04-11 N/A
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.
CVE-2014-1484 6 Google, Mozilla, Opensuse and 3 more 8 Android, Firefox, Opensuse and 5 more 2025-04-11 N/A
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
CVE-2014-1485 5 Canonical, Mozilla, Opensuse and 2 more 8 Ubuntu Linux, Firefox, Seamonkey and 5 more 2025-04-11 N/A
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
CVE-2014-1488 5 Canonical, Mozilla, Opensuse and 2 more 8 Ubuntu Linux, Firefox, Seamonkey and 5 more 2025-04-11 N/A
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.