Export limit exceeded: 74959 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74959 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8140 | 2 Redhat, Unzip Project | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-11-21 | 7.8 High |
| Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | ||||
| CVE-2014-8139 | 2 Redhat, Unzip Project | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-11-21 | 7.8 High |
| Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | ||||
| CVE-2014-8126 | 2 Redhat, Wisc | 2 Enterprise Mrg, Htcondor | 2024-11-21 | 8.8 High |
| The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. | ||||
| CVE-2014-7914 | 1 Google | 1 Android | 2024-11-21 | 8.1 High |
| btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | ||||
| CVE-2014-7863 | 1 Zohocorp | 3 Manageengine Applications Manager, Manageengine It360, Manageengine Opmanager | 2024-11-21 | 7.5 High |
| The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, OpManager 8 through 11.5 build 11400, and IT360 10.5 and earlier does not properly restrict access, which allows remote attackers and remote authenticated users to (1) read arbitrary files via the fileName parameter in a copyfile operation or (2) obtain sensitive information via a directory listing in a listdirectory operation to servlet/FailOverHelperServlet. | ||||
| CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 9 Bsd Mailx, Debian Linux, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
| BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | ||||
| CVE-2014-7303 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.8 High |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db. | ||||
| CVE-2014-7302 | 1 Hp | 1 Sgi Tempo | 2024-11-21 | 7.8 High |
| SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. | ||||
| CVE-2014-7224 | 1 Google | 1 Android | 2024-11-21 | 8.8 High |
| A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2014-6448 | 1 Juniper | 1 Junos | 2024-11-21 | 7.8 High |
| Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | ||||
| CVE-2014-6447 | 1 Juniper | 1 Junos | 2024-11-21 | 7.1 High |
| Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. | ||||
| CVE-2014-6309 | 1 Tenefit | 1 Kaazing Websocket Gateway | 2024-11-21 | 7.5 High |
| The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. | ||||
| CVE-2014-6262 | 2 Debian, Zenoss | 2 Debian Linux, Zenoss Core | 2024-11-21 | 7.5 High |
| Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | ||||
| CVE-2014-6059 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 7.2 High |
| WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability | ||||
| CVE-2014-6039 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. | ||||
| CVE-2014-6038 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 7.5 High |
| Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. | ||||
| CVE-2014-5468 | 1 Getrailo | 1 Railo | 2024-11-21 | 8.8 High |
| A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. | ||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2024-11-21 | 7.8 High |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | ||||
| CVE-2014-5380 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-11-21 | 7.5 High |
| Grand MA 300 allows retrieval of the access PIN from sniffed data. | ||||
| CVE-2014-5329 | 1 Tripodworks | 6 Gigapod 2010, Gigapod 2010 Firmware, Gigapod 3 and 3 more | 2024-11-21 | 7.5 High |
| GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition. | ||||