Export limit exceeded: 29864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5668 | 1 Crestron | 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware | 2025-04-12 | N/A |
| Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. | ||||
| CVE-2013-4143 | 1 David Bagley | 1 Xlockmore | 2025-04-12 | N/A |
| The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts. | ||||
| CVE-2013-1851 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors. | ||||
| CVE-2013-1874 | 1 Call-cc | 1 Chicken | 2025-04-12 | N/A |
| Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | ||||
| CVE-2013-7220 | 1 Gnome | 1 Gnome-shell | 2025-04-12 | N/A |
| js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | ||||
| CVE-2014-0325 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755. NOTE: MS14-018 originally had a typo of CVE-2014-0235 for this. | ||||
| CVE-2014-0326 | 1 Iridium | 2 Open Port, Pilot Below Deck Equipment | 2025-04-12 | N/A |
| The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface. | ||||
| CVE-2014-0327 | 1 Iridium | 2 Open Port, Pilot Below Deck Equipment | 2025-04-12 | N/A |
| The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321. | ||||
| CVE-2014-0343 | 1 Virtualaccess | 2 Gw6110a, Gw6110a Firmware | 2025-04-12 | N/A |
| The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable. | ||||
| CVE-2014-0477 | 2 Email\, Fedoraproject | 2 \, Fedora | 2025-04-12 | N/A |
| The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address. | ||||
| CVE-2014-10021 | 1 Wpsymposiumpro | 1 Wp Symposium | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/. | ||||
| CVE-2014-10030 | 1 Fluxbb | 1 Fluxbb | 2025-04-12 | N/A |
| Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | ||||
| CVE-2014-1216 | 1 Fitnesse | 1 Fitnesse Wiki | 2025-04-12 | N/A |
| FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. | ||||
| CVE-2014-1726 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. | ||||
| CVE-2014-1750 | 1 Nokia Maps \& Places Project | 1 Nokia Maps \& Places | 2025-04-12 | N/A |
| Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate. | ||||
| CVE-2014-1756 | 1 Microsoft | 1 Office | 2025-04-12 | N/A |
| Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Microsoft Office Chinese Grammar Checking Vulnerability." | ||||
| CVE-2014-1759 | 1 Microsoft | 1 Publisher | 2025-04-12 | N/A |
| pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability." | ||||
| CVE-2014-1831 | 1 Phusion | 1 Passenger | 2025-04-12 | N/A |
| Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. | ||||
| CVE-2014-1832 | 1 Phusion | 1 Passenger | 2025-04-12 | N/A |
| Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831. | ||||
| CVE-2014-1868 | 1 Restlet | 1 Restlet Framework | 2025-04-12 | N/A |
| Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack. | ||||