Export limit exceeded: 365308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3637 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 5.5 Medium
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
CVE-2011-4249 1 Realnetworks 1 Realplayer 2025-04-11 N/A
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-0768 7 Adobe, Apple, Google and 4 more 8 Flash Player, Flash Player For Android, Mac Os X and 5 more 2025-04-11 N/A
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-1007 1 Apache 1 Struts 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
CVE-2012-1802 1 Siemens 10 Scalance X-300, Scalance X-300 Firmware, Scalance X-300eec and 7 more 2025-04-11 N/A
Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.
CVE-2012-2694 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 5 1, Openshift, 1.1 and 2 more 2025-04-11 N/A
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
CVE-2012-6584 1 Myrephp 1 Myre Realty Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
CVE-2014-1673 1 Checkpoint 1 Session Authentication Agent 2025-04-11 N/A
Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.
CVE-2014-1680 1 Bandisoft 1 Bandizip 2025-04-11 N/A
Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
CVE-2014-1683 1 Skybluecanvas 1 Skybluecanvas 2025-04-11 N/A
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
CVE-2014-1694 1 Otrs 1 Otrs 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.
CVE-2014-1696 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2014-1697 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
CVE-2014-1698 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.
CVE-2014-1699 1 Siemens 1 Simatic Wincc Open Architecture 2025-04-11 N/A
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
CVE-2014-1833 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
CVE-2014-1837 1 Stackideas 1 Komento 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."
CVE-2014-1861 1 Jetroplatforms 1 Jetro Cockpit Secure Browsing 2025-04-11 N/A
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.
CVE-2014-1869 2 Redhat, Zeroclipboard Project 2 Openshift, Zeroclipboard 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
CVE-2014-1870 2 Apple, Opera 2 Mac Os X, Opera Browser 2025-04-11 N/A
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.