Total
13341 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4132 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4138. | ||||
| CVE-2014-4133 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4137. | ||||
| CVE-2014-7251 | 1 Yokogawa | 1 Fast\/tools | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors. | ||||
| CVE-2014-4434 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem. | ||||
| CVE-2014-4617 | 3 Debian, Gnupg, Opensuse | 3 Debian Linux, Gnupg, Opensuse | 2025-04-12 | N/A |
| The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. | ||||
| CVE-2014-6611 | 1 Blackberry | 2 Blackberry Os, Blackberry World | 2025-04-12 | N/A |
| The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream. | ||||
| CVE-2014-4840 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | N/A |
| IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. | ||||
| CVE-2014-6381 | 1 Juniper | 3 Mobile System Software, Ringmaster, Smartpass | 2025-04-12 | N/A |
| Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a clustered setup, allows remote attackers to cause a denial of service (device disconnect) via unspecified vectors. | ||||
| CVE-2014-4973 | 1 Eset | 2 Endpoint Security, Smart Security | 2025-04-12 | N/A |
| The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. | ||||
| CVE-2014-6336 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | N/A |
| Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." | ||||
| CVE-2014-6210 | 1 Ibm | 2 Db2, Db2 Connect | 2025-04-12 | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. | ||||
| CVE-2015-5144 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2025-04-12 | N/A |
| Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. | ||||
| CVE-2014-6105 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | N/A |
| IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2015-6246 | 3 Oracle, Redhat, Wireshark | 4 Linux, Solaris, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
| CVE-2014-0106 | 3 Apple, Redhat, Todd Miller | 3 Mac Os X, Enterprise Linux, Sudo | 2025-04-12 | N/A |
| Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. | ||||
| CVE-2014-2097 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | N/A |
| The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data. | ||||
| CVE-2014-2107 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789. | ||||
| CVE-2014-2109 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. | ||||
| CVE-2014-2113 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. | ||||
| CVE-2014-6368 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | ||||