Search Results (75152 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5013 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 8.8 High |
| DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | ||||
| CVE-2014-4968 | 1 Boatmob | 1 Boat Browser | 2024-11-21 | 8.8 High |
| The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636. | ||||
| CVE-2014-4610 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
| Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | ||||
| CVE-2014-4609 | 1 Libav | 1 Libav | 2024-11-21 | 8.8 High |
| Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run. | ||||
| CVE-2014-4607 | 2 Oberhumer, Redhat | 3 Liblzo2, Lzo2, Enterprise Linux | 2024-11-21 | 8.8 High |
| Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | ||||
| CVE-2014-4019 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2024-11-21 | 7.5 High |
| ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. | ||||
| CVE-2014-3979 | 1 Bytemark | 1 Symbiosis | 2024-11-21 | 7.5 High |
| Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP. | ||||
| CVE-2014-3868 | 1 Zeuscart | 1 Zeuscart | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in ZeusCart 4.x. | ||||
| CVE-2014-3860 | 1 Xilisoft | 1 Video Converter | 2024-11-21 | 7.8 High |
| Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability. | ||||
| CVE-2014-3856 | 1 Fishshell | 1 Fish | 2024-11-21 | 7.0 High |
| The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name. | ||||
| CVE-2014-3701 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 8.1 High |
| eDeploy has tmp file race condition flaws | ||||
| CVE-2014-3648 | 1 Redhat | 1 Jboss Aerogear | 2024-11-21 | 7.5 High |
| The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken, but this value is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached, or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP endpoint they want. This turns the server into a DDoS vector or an anonymizer for the posting of malware and so on. | ||||
| CVE-2014-3643 | 1 Jersey Project | 1 Jersey | 2024-11-21 | 7.5 High |
| jersey: XXE via parameter entities not disabled by the jersey SAX parser | ||||
| CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2024-11-21 | 7.5 High |
| duplicity 0.6.24 has improper verification of SSL certificates | ||||
| CVE-2014-3447 | 1 Bss Continuity Cms Project | 1 Bss Continuty Cms | 2024-11-21 | 7.5 High |
| BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability | ||||
| CVE-2014-3208 | 1 Askpop3d Project | 1 Askpop3d | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery), | ||||
| CVE-2014-3136 | 1 Dlink | 2 Dwr-113, Dwr-113 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. | ||||
| CVE-2014-3119 | 1 Web2project | 1 Web2project | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php. | ||||
| CVE-2014-2906 | 1 Fishshell | 1 Fish | 2024-11-21 | 7.0 High |
| The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name. | ||||
| CVE-2014-2904 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | ||||