Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 26340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0040 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors. | ||||
| CVE-2014-8415 | 1 Digium | 1 Asterisk | 2025-04-12 | N/A |
| Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. | ||||
| CVE-2014-0066 | 2 Postgresql, Redhat | 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. | ||||
| CVE-2014-0079 | 1 Zarafa | 1 Zarafa | 2025-04-12 | N/A |
| The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password." | ||||
| CVE-2014-0095 | 1 Apache | 1 Tomcat | 2025-04-12 | N/A |
| java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing. | ||||
| CVE-2014-0106 | 3 Apple, Redhat, Todd Miller | 3 Mac Os X, Enterprise Linux, Sudo | 2025-04-12 | N/A |
| Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. | ||||
| CVE-2014-0128 | 3 Opensuse, Redhat, Squid-cache | 3 Opensuse, Enterprise Linux, Squid | 2025-04-12 | N/A |
| Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. | ||||
| CVE-2014-8416 | 1 Digium | 1 Asterisk | 2025-04-12 | N/A |
| Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. | ||||
| CVE-2014-0476 | 2 Canonical, Chkrootkit | 2 Ubuntu Linux, Chkrootkit | 2025-04-12 | N/A |
| The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option. | ||||
| CVE-2014-0478 | 1 Debian | 1 Advanced Package Tool | 2025-04-12 | N/A |
| APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. | ||||
| CVE-2014-0521 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document. | ||||
| CVE-2014-0600 | 1 Novell | 1 Groupwise | 2025-04-12 | N/A |
| FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287. | ||||
| CVE-2014-0896 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. | ||||
| CVE-2014-1255 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | ||||
| CVE-2014-1580 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element. | ||||
| CVE-2014-1591 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | N/A |
| Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. | ||||
| CVE-2014-1714 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2025-04-12 | N/A |
| The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. | ||||
| CVE-2014-1777 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| CVE-2014-1723 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text. | ||||
| CVE-2014-1738 | 5 Debian, Linux, Oracle and 2 more | 12 Debian Linux, Linux Kernel, Linux and 9 more | 2025-04-12 | N/A |
| The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. | ||||