Export limit exceeded: 26295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6153 2 Apache, Redhat 13 Commons-httpclient, Developer Toolset, Jboss Bpms and 10 more 2025-04-12 N/A
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
CVE-2014-6130 1 Ibm 1 Notes Traveler 2025-04-12 N/A
The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS.
CVE-2014-6134 1 Ibm 2 Installation Manager, Rational Clearcase 2025-04-12 N/A
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.
CVE-2013-2598 1 Codeaurora 1 Android-msm 2025-04-12 N/A
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.
CVE-2014-6135 1 Ibm 2 Security Appscan, Security Appscan Source 2025-04-12 N/A
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-6138 1 Ibm 1 Websphere Datapower Xc10 Appliance Firmware 2025-04-12 N/A
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.
CVE-2013-2828 1 Osisoft 1 Pi Interface 2025-04-12 N/A
The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a serial line.
CVE-2015-2080 2 Eclipse, Fedoraproject 2 Jetty, Fedora 2025-04-12 N/A
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
CVE-2014-7284 1 Linux 1 Linux Kernel 2025-04-12 N/A
The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.
CVE-2014-4311 1 Epicor 1 Epicor Enterprise 2025-04-12 N/A
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page.
CVE-2014-4323 1 Linux 1 Linux Kernel 2025-04-12 N/A
The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.
CVE-2013-3588 1 Zyxel 11 P-660h-61, P-660h-63, P-660h-67 and 8 more 2025-04-12 N/A
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.
CVE-2014-6147 1 Ibm 1 Flex System Manager 2025-04-12 N/A
IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors.
CVE-2014-6151 1 Ibm 1 Tivoli Integrated Portal 2025-04-12 N/A
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2014-8425 1 Arris 1 Vap2500 Firmware 2025-04-12 N/A
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
CVE-2014-8553 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
CVE-2014-4620 2 Emc, Meditech 2 Networker, Meditech 2025-04-12 N/A
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.
CVE-2014-9462 2 Mercurial, Opensuse 2 Mercurial, Opensuse 2025-04-12 N/A
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.
CVE-2013-4250 1 Typo3 1 Typo3 2025-04-12 N/A
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
CVE-2014-6290 1 News Project 1 News 2025-04-12 N/A
The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.