Export limit exceeded: 24994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24994 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0857 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request. | ||||
| CVE-2014-1209 | 1 Vmware | 1 Vsphere Client | 2025-04-12 | N/A |
| VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. | ||||
| CVE-2014-1255 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | ||||
| CVE-2014-1267 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed. | ||||
| CVE-2014-1271 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app. | ||||
| CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | ||||
| CVE-2014-1274 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. | ||||
| CVE-2014-6197 | 1 Ibm | 5 Security Network Protection Xgs 3100, Security Network Protection Xgs 4100, Security Network Protection Xgs 5100 and 2 more | 2025-04-12 | N/A |
| IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2014-6209 | 1 Ibm | 1 Db2 | 2025-04-12 | N/A |
| IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. | ||||
| CVE-2014-6210 | 1 Ibm | 2 Db2, Db2 Connect | 2025-04-12 | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. | ||||
| CVE-2014-6211 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | N/A |
| The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. | ||||
| CVE-2014-6229 | 1 Facebook | 1 Hiphop Virtual Machine | 2025-04-12 | N/A |
| The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. | ||||
| CVE-2014-6230 | 1 Wp-ban Project | 1 Wp-ban | 2025-04-12 | N/A |
| WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. | ||||
| CVE-2014-6290 | 1 News Project | 1 News | 2025-04-12 | N/A |
| The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | ||||
| CVE-2014-6304 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | N/A |
| The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | ||||
| CVE-2014-6322 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | N/A |
| The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability." | ||||
| CVE-2014-6323 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." | ||||
| CVE-2014-6327 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6329 and CVE-2014-6376. | ||||
| CVE-2014-6328 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365. | ||||
| CVE-2014-6336 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | N/A |
| Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." | ||||