Export limit exceeded: 343833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343833 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3879 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. | ||||
| CVE-2014-3875 | 1 Ulli Horlacher | 1 Fex | 2024-11-21 | 6.1 Medium |
| The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks | ||||
| CVE-2014-3868 | 1 Zeuscart | 1 Zeuscart | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in ZeusCart 4.x. | ||||
| CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2024-11-21 | 7.8 High |
| Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability | ||||
| CVE-2014-3856 | 1 Fishshell | 1 Fish | 2024-11-21 | 7.0 High |
| The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. | ||||
| CVE-2014-3827 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module or the (3) finduser action or the name parameter in an (4) edit action in the user-user module or the (5) editprofile action to modcp.php. | ||||
| CVE-2014-3826 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module. | ||||
| CVE-2014-3809 | 1 Nokia | 6 1830 Photonic Service Switch-16, 1830 Photonic Service Switch-16 Firmware, 1830 Photonic Service Switch-32 and 3 more | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | ||||
| CVE-2014-3798 | 1 Citrix | 1 Xenserver | 2024-11-21 | N/A |
| The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | ||||
| CVE-2014-3753 | 1 1password | 1 1password | 2024-11-21 | 5.5 Medium |
| AgileBits 1Password through 1.0.9.340 allows security feature bypass | ||||
| CVE-2014-3752 | 1 Gdata-software | 1 Totalprotection | 2024-11-21 | N/A |
| The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call. | ||||
| CVE-2014-3743 | 1 Marked Project | 1 Marked | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's. | ||||
| CVE-2014-3719 | 1 Exlibrisgroup | 1 Aleph 500 | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter. | ||||
| CVE-2014-3718 | 1 Exlibrisgroup | 1 Aleph 500 | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter. | ||||
| CVE-2014-3701 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 8.1 High |
| eDeploy has tmp file race condition flaws | ||||
| CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
| eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | ||||
| CVE-2014-3699 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
| eDeploy has RCE via cPickle deserialization of untrusted data | ||||
| CVE-2014-3656 | 1 Redhat | 1 Jboss Keycloak | 2024-11-21 | 6.1 Medium |
| JBoss KeyCloak: XSS in login-status-iframe.html | ||||
| CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2024-11-21 | 4.3 Medium |
| JBoss KeyCloak is vulnerable to soft token deletion via CSRF | ||||
| CVE-2014-3652 | 1 Redhat | 1 Keycloak | 2024-11-21 | 6.1 Medium |
| JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | ||||