Export limit exceeded: 364911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2025-04-12 | N/A |
| The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | ||||
| CVE-2014-9683 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2025-04-12 | N/A |
| Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. | ||||
| CVE-2014-9684 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. | ||||
| CVE-2014-9685 | 1 Vanillaforums | 2 Vanilla, Vanilla Forums | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-9689 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231. | ||||
| CVE-2014-9710 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. | ||||
| CVE-2014-9712 | 1 Websense | 1 V-series Appliances | 2025-04-12 | N/A |
| Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. | ||||
| CVE-2014-9709 | 6 Canonical, Debian, Libgd and 3 more | 7 Ubuntu Linux, Debian Linux, Libgd and 4 more | 2025-04-12 | N/A |
| The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. | ||||
| CVE-2014-9707 | 1 Embedthis | 1 Goahead | 2025-04-12 | N/A |
| EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. | ||||
| CVE-2014-9713 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2025-04-12 | N/A |
| The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | ||||
| CVE-2014-9714 | 1 Facebook | 1 Hiphop Virtual Machine | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function. | ||||
| CVE-2014-9716 | 1 Kogmbh | 1 Webodf | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name. | ||||
| CVE-2014-9717 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | ||||
| CVE-2014-9718 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | N/A |
| The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. | ||||
| CVE-2015-0542 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-9721 | 1 Zeromq | 1 Zeromq | 2025-04-12 | N/A |
| libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | ||||
| CVE-2014-9728 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. | ||||
| CVE-2014-9729 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. | ||||
| CVE-2014-9730 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. | ||||
| CVE-2014-9731 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c. | ||||