Export limit exceeded: 26340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2180 1 Cisco 2 Unified Contact Center Enterprise, Unified Contact Center Express Editor Software 2025-04-12 N/A
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.
CVE-2014-2182 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520.
CVE-2014-2183 1 Cisco 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more 2025-04-12 N/A
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.
CVE-2014-2184 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
CVE-2014-2185 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
CVE-2014-2193 1 Cisco 1 Unified Web And E-mail Interaction Manager 2025-04-12 N/A
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.
CVE-2014-2194 1 Cisco 1 Unified Web And E-mail Interaction Manager 2025-04-12 N/A
system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.
CVE-2014-2195 1 Cisco 3 Asyncos, Content Security Management Appliance, Email Security Appliance Firmware 2025-04-12 N/A
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.
CVE-2014-2278 1 Seeddms 1 Seeddms 2025-04-12 N/A
Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.
CVE-2014-2288 1 Digium 1 Asterisk 2025-04-12 N/A
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.
CVE-2014-2289 1 Digium 1 Asterisk 2025-04-12 N/A
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
CVE-2014-2284 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2025-04-12 N/A
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2014-2597 1 Remote-rac 1 Rac Server 2025-04-12 N/A
PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which triggers a buffer over-read.
CVE-2014-2749 1 Sap 1 Hana 2025-04-12 N/A
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
CVE-2014-2714 1 Juniper 1 Junos 2025-04-12 N/A
The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL.
CVE-2015-1302 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.
CVE-2014-2744 2 Lightwitch, Prosody 2 Metronome, Prosody 2025-04-12 N/A
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.
CVE-2014-3263 1 Cisco 1 Ios 2025-04-12 N/A
The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.
CVE-2014-2869 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.
CVE-2014-2871 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.