Search Results (363434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5244 1 Bananadance 1 Banana Dance 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
CVE-2012-6684 2 Debian, Redcloth 2 Debian Linux, Redcloth Library 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.
CVE-2014-0069 3 Linux, Redhat, Suse 11 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 8 more 2025-04-12 N/A
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
CVE-2014-0071 1 Redhat 1 Openstack 2025-04-12 N/A
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.
CVE-2014-0074 2 Apache, Redhat 6 Shiro, Fuse Esb Enterprise, Fuse Management Console and 3 more 2025-04-12 N/A
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
CVE-2014-0076 1 Openssl 1 Openssl 2025-04-12 N/A
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
CVE-2014-0077 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-12 N/A
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
CVE-2014-0078 1 Redhat 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine 2025-04-12 N/A
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
CVE-2014-2643 1 Hp 1 Systems Insight Manager 2025-04-12 N/A
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors.
CVE-2014-0075 2 Apache, Redhat 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more 2025-04-12 N/A
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
CVE-2015-4916 2 Oracle, Redhat 4 Javafx, Jdk, Jre and 1 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908.
CVE-2014-3576 3 Apache, Oracle, Redhat 5 Activemq, Business Intelligence Publisher, Fusion Middleware and 2 more 2025-04-12 N/A
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
CVE-2014-3612 2 Apache, Redhat 6 Activemq, Fuse Esb Enterprise, Fuse Management Console and 3 more 2025-04-12 N/A
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.
CVE-2014-1525 4 Canonical, Fedoraproject, Mozilla and 1 more 5 Ubuntu Linux, Fedora, Firefox and 2 more 2025-04-12 N/A
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.
CVE-2023-21684 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-04-12 8.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21801 1 Microsoft 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more 2025-04-12 7.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21717 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2025-04-12 8.8 High
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-21754 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2025-04-12 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21771 1 Microsoft 3 Windows 10, Windows 11, Windows Server 2022 2025-04-12 7 High
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
CVE-2023-21524 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more 2025-04-12 7.8 High
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability