Search Results (26429 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2472 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2025-04-12 N/A
Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka "Remote Desktop Session Host Spoofing Vulnerability."
CVE-2014-3216 1 Gomlab 1 Gom Media Player 2025-04-12 N/A
GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
CVE-2014-3263 1 Cisco 1 Ios 2025-04-12 N/A
The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038.
CVE-2014-3269 1 Cisco 1 Ios Xe 2025-04-12 N/A
The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.
CVE-2014-3270 1 Cisco 1 Ios Xr 2025-04-12 N/A
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
CVE-2014-3284 1 Cisco 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more 2025-04-12 N/A
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
CVE-2014-3292 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
CVE-2014-3308 1 Cisco 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more 2025-04-12 N/A
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
CVE-2014-3310 1 Cisco 2 Webex Meeting Center, Webex Meetings Server 2025-04-12 N/A
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.
CVE-2015-2483 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Information Disclosure Vulnerability."
CVE-2014-1827 1 Ithoughts 1 Ithoughtshd 2025-04-12 N/A
The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file.
CVE-2015-3340 5 Debian, Fedoraproject, Opensuse and 2 more 9 Debian Linux, Fedora, Opensuse and 6 more 2025-04-12 N/A
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
CVE-2014-3485 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2025-04-12 N/A
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.
CVE-2014-3487 6 Debian, File Project, Opensuse and 3 more 7 Debian Linux, File, Opensuse and 4 more 2025-04-12 N/A
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
CVE-2014-0896 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.
CVE-2015-3318 5 Ca, Hp, Ibm and 2 more 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more 2025-04-12 N/A
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.
CVE-2014-3620 2 Apple, Haxx 3 Mac Os X, Curl, Libcurl 2025-04-12 N/A
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
CVE-2015-0143 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.
CVE-2015-0157 1 Ibm 1 Db2 2025-04-12 N/A
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.
CVE-2015-0178 1 Ibm 2 Bluemix, Liberty 2025-04-12 N/A
The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors.