Vulnerabilities (CVE)

Filtered by CWE-20
Total 11612 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7278 1 Zyxel 2 Sbg3300-n, Sbg3300-n Firmware 2026-06-17 5.0 MEDIUM N/A
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.
CVE-2014-7251 1 Yokogawa 1 Fast\/tools 2026-06-17 3.2 LOW N/A
XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.
CVE-2014-7246 1 Forgerock 1 Openam 2026-06-17 3.5 LOW N/A
The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.
CVE-2014-7241 1 Tsutaya 1 Tsutaya 2026-06-17 6.8 MEDIUM N/A
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.
CVE-2014-7224 1 Google 1 Android 2026-06-17 9.0 HIGH 8.8 HIGH
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.
CVE-2014-7222 1 Teamspeak 1 Teamspeak3 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags.
CVE-2014-7178 1 Enalean 1 Tuleap 2026-06-17 9.3 HIGH N/A
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
CVE-2014-7146 1 Mantisbt 1 Mantisbt 2026-06-17 7.5 HIGH N/A
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2014-7142 3 Canonical, Oracle, Squid-cache 3 Ubuntu Linux, Solaris, Squid 2026-06-17 6.4 MEDIUM N/A
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
CVE-2014-6611 1 Blackberry 2 Blackberry Os, Blackberry World 2026-06-17 4.3 MEDIUM N/A
The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
CVE-2014-6609 1 Digium 1 Asterisk 2026-06-17 4.0 MEDIUM N/A
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
CVE-2014-6430 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM N/A
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2014-6429 1 Wireshark 1 Wireshark 2026-06-17 5.0 MEDIUM N/A
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2014-6382 1 Juniper 11 Junos, Mx10, Mx104 and 8 more 2026-06-17 7.1 HIGH N/A
The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete.
CVE-2014-6381 1 Juniper 3 Mobile System Software, Ringmaster, Smartpass 2026-06-17 2.9 LOW N/A
Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a clustered setup, allows remote attackers to cause a denial of service (device disconnect) via unspecified vectors.
CVE-2014-6376 1 Microsoft 1 Internet Explorer 2026-06-17 9.3 HIGH N/A
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6327 and CVE-2014-6329.
CVE-2014-6375 1 Microsoft 1 Internet Explorer 2026-06-17 9.3 HIGH N/A
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-6373 1 Microsoft 1 Internet Explorer 2026-06-17 9.3 HIGH N/A
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-6369 1 Microsoft 1 Internet Explorer 2026-06-17 9.3 HIGH N/A
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-6368 1 Microsoft 1 Internet Explorer 2026-06-17 4.3 MEDIUM N/A
Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."