Export limit exceeded: 11887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29902 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3596 | 2 Apache, Redhat | 3 Axis, Enterprise Linux, Jboss Enterprise Portal Platform | 2025-04-12 | N/A |
| The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. | ||||
| CVE-2014-3631 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-12 | N/A |
| The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation. | ||||
| CVE-2014-4369 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments. | ||||
| CVE-2014-4373 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application. | ||||
| CVE-2014-4374 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-4375 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports. | ||||
| CVE-2014-4376 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments. | ||||
| CVE-2014-4405 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties. | ||||
| CVE-2014-4419 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. | ||||
| CVE-2014-4420 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. | ||||
| CVE-2014-4421 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. | ||||
| CVE-2014-4459 | 1 Apple | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | ||||
| CVE-2014-4486 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app. | ||||
| CVE-2014-4489 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | ||||
| CVE-2014-5176 | 1 Sap | 1 Fi Manager Self-service | 2025-04-12 | N/A |
| SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2014-5214 | 1 Microfocus | 1 Access Manager | 2025-04-12 | N/A |
| nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-5237 | 1 Open-xchange | 1 App Suite | 2025-04-12 | N/A |
| Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. | ||||
| CVE-2014-5352 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-12 | N/A |
| The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. | ||||
| CVE-2014-5354 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-12 | N/A |
| plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command. | ||||
| CVE-2014-5355 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-12 | N/A |
| MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. | ||||