Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5852 1 Nvidia 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more 2025-04-12 N/A
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path.
CVE-2014-5430 1 Abb 2 Robotstudio, Test Signal Viewer 2025-04-12 N/A
Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program.
CVE-2016-7437 1 Sap 1 Netweaver 2025-04-12 N/A
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
CVE-2014-5428 1 Johnsoncontrols 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more 2025-04-12 N/A
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script.
CVE-2016-8331 1 Libtiff 1 Libtiff 2025-04-12 N/A
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.
CVE-2014-5396 1 Schrack 2 Technik Microcontrol, Technik Microcontrol Firmware 2025-04-12 N/A
The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-5392 1 Sos 1 Jobscheduler 2025-04-12 N/A
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
CVE-2014-5355 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-12 N/A
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
CVE-2014-5354 1 Mit 2 Kerberos, Kerberos 5 2025-04-12 N/A
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.
CVE-2014-5352 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-12 N/A
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.
CVE-2014-5237 1 Open-xchange 1 App Suite 2025-04-12 N/A
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.
CVE-2014-5214 1 Microfocus 1 Access Manager 2025-04-12 N/A
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-5176 1 Sap 1 Fi Manager Self-service 2025-04-12 N/A
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-5139 1 Openssl 1 Openssl 2025-04-12 N/A
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
CVE-2014-4489 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2014-4486 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2014-4459 1 Apple 5 Iphone Os, Itunes, Mac Os X and 2 more 2025-04-12 N/A
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
CVE-2014-4421 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
CVE-2014-4420 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
CVE-2014-4419 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.