Export limit exceeded: 25144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25144 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4826 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | ||||
| CVE-2014-4828 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. | ||||
| CVE-2014-4835 | 1 Ibm | 3 Serverguide, Toolscenter Suite, Updatexpress System Packs Installer | 2025-04-12 | N/A |
| IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2014-4840 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | N/A |
| IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. | ||||
| CVE-2014-4876 | 1 Toshiba | 1 4690 Operating System | 2025-04-12 | N/A |
| Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. | ||||
| CVE-2016-4324 | 3 Canonical, Debian, Libreoffice | 3 Ubuntu Linux, Debian Linux, Libreoffice | 2025-04-12 | N/A |
| Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | ||||
| CVE-2014-4973 | 1 Eset | 2 Endpoint Security, Smart Security | 2025-04-12 | N/A |
| The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. | ||||
| CVE-2014-4974 | 1 Eset | 1 Personal Firewall Ndis Filter | 2025-04-12 | N/A |
| The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. | ||||
| CVE-2014-5447 | 1 Zarafa | 2 Webapp, Zarafa | 2025-04-12 | N/A |
| Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103. | ||||
| CVE-2014-5448 | 1 Zarafa | 1 Zarafa | 2025-04-12 | N/A |
| Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. | ||||
| CVE-2014-5449 | 1 Zarafa | 2 Webaccess, Webapp | 2025-04-12 | N/A |
| Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. | ||||
| CVE-2014-5460 | 1 Tribulant | 1 Tibulant Slideshow Gallery | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. | ||||
| CVE-2014-6336 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | N/A |
| Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." | ||||
| CVE-2014-6346 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | ||||
| CVE-2014-6365 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328. | ||||
| CVE-2014-6373 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| CVE-2014-6381 | 1 Juniper | 3 Mobile System Software, Ringmaster, Smartpass | 2025-04-12 | N/A |
| Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a clustered setup, allows remote attackers to cause a denial of service (device disconnect) via unspecified vectors. | ||||
| CVE-2014-6382 | 1 Juniper | 11 Junos, Mx10, Mx104 and 8 more | 2025-04-12 | N/A |
| The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete. | ||||
| CVE-2014-6429 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-12 | N/A |
| The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | ||||
| CVE-2014-6609 | 1 Digium | 1 Asterisk | 2025-04-12 | N/A |
| The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. | ||||