Export limit exceeded: 14123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9129 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1501 | 4 Google, Mozilla, Oracle and 1 more | 6 Android, Firefox, Solaris and 3 more | 2025-04-12 | N/A |
| Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. | ||||
| CVE-2014-1504 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Seamonkey, Opensuse and 4 more | 2025-04-12 | N/A |
| The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. | ||||
| CVE-2014-2102 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-12 | N/A |
| Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. | ||||
| CVE-2014-2119 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Ironport Asyncos | 2025-04-12 | N/A |
| The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118. | ||||
| CVE-2014-2126 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496. | ||||
| CVE-2014-2130 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | N/A |
| Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | ||||
| CVE-2014-2173 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | N/A |
| Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692. | ||||
| CVE-2014-2197 | 1 Cisco | 2 Unified Cdm Application Software, Unified Communications Domain Manager | 2025-04-12 | N/A |
| The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. | ||||
| CVE-2014-2200 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-12 | N/A |
| Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629. | ||||
| CVE-2014-2205 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
| The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-2209 | 1 Facebook | 1 Hiphop Virtual Machine | 2025-04-12 | N/A |
| Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. | ||||
| CVE-2014-2237 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-12 | N/A |
| The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. | ||||
| CVE-2014-2268 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | N/A |
| views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. | ||||
| CVE-2014-2273 | 1 Huawei | 2 P2-6011, P2-6011 Firmware | 2025-04-12 | N/A |
| The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | ||||
| CVE-2014-2276 | 1 Emc | 1 Connectrix Manager | 2025-04-12 | N/A |
| The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. | ||||
| CVE-2014-2321 | 1 Zte | 2 F460, F660 | 2025-04-12 | N/A |
| web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. | ||||
| CVE-2014-3001 | 1 Freebsd | 1 Freebsd | 2025-04-12 | N/A |
| The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | ||||
| CVE-2014-3006 | 1 Sitepark | 1 Information Enterprise Server | 2025-04-12 | N/A |
| Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. | ||||
| CVE-2014-3019 | 1 Ibm | 4 Sas Connectivity Module, Sas Connectivity Module Firmware, Sas Raid Module and 1 more | 2025-04-12 | N/A |
| IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session. | ||||
| CVE-2014-3020 | 1 Ibm | 2 Embedded Websphere Application Server, Tivoli Integrated Portal | 2025-04-12 | N/A |
| install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program. | ||||