Export limit exceeded: 344055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9986 | 1 Qualcomm | 44 Msm8909w, Msm8909w Firmware, Sd 205 and 41 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in playready_licacq_process_response(), 'cbResponse' value is controlled by HLOS, and there is no validation on this length. If 'cbResponse' is too large, memory overread occurs. | ||||
| CVE-2014-9985 | 1 Qualcomm | 6 Mdm9635m, Mdm9635m Firmware, Sd 400 and 3 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, TOCTOU condition may result in bypassing error condition checks, leading to undefined behavior. | ||||
| CVE-2014-9959 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. | ||||
| CVE-2014-9958 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. | ||||
| CVE-2014-9957 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. | ||||
| CVE-2014-9956 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. | ||||
| CVE-2014-9955 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686. | ||||
| CVE-2014-9954 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. | ||||
| CVE-2014-9953 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. | ||||
| CVE-2014-9919 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | N/A |
| An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php. | ||||
| CVE-2014-9918 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | N/A |
| An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php. | ||||
| CVE-2014-9917 | 1 Bilboplanet | 1 Bilboplanet | 2024-11-21 | N/A |
| An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter. | ||||
| CVE-2014-9908 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558). | ||||
| CVE-2014-9753 | 1 Atutor | 1 Atutor | 2024-11-21 | 9.8 Critical |
| confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | ||||
| CVE-2014-9748 | 3 Libuv, Microsoft, Nodejs | 4 Libuv, Windows Server 2003, Windows Xp and 1 more | 2024-11-21 | 8.1 High |
| The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. | ||||
| CVE-2014-9720 | 1 Tornadoweb | 1 Tornado | 2024-11-21 | 6.5 Medium |
| Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | ||||
| CVE-2014-9702 | 1 2pisoftware | 1 Cmfive | 2024-11-21 | 7.5 High |
| system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request. | ||||
| CVE-2014-9699 | 1 Makerbot | 2 Replicator 5th Generation, Replicator 5th Generation Firmware | 2024-11-21 | N/A |
| The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server. | ||||
| CVE-2014-9630 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.8 High |
| The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | ||||
| CVE-2014-9629 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.8 High |
| Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | ||||