Vulnerabilities (CVE)

Filtered by CWE-20
Total 11611 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-6336 1 Microsoft 1 Exchange Server 2026-06-17 3.5 LOW N/A
Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."
CVE-2014-6328 1 Microsoft 1 Internet Explorer 2026-06-17 5.0 MEDIUM N/A
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365.
CVE-2014-6327 1 Microsoft 1 Internet Explorer 2026-06-17 9.3 HIGH N/A
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6329 and CVE-2014-6376.
CVE-2014-6322 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2026-06-17 4.3 MEDIUM N/A
The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."
CVE-2014-6290 1 News Project 1 News 2026-06-17 7.5 HIGH N/A
The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.
CVE-2014-6230 1 Wp-ban Project 1 Wp-ban 2026-06-17 4.3 MEDIUM N/A
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.
CVE-2014-6210 1 Ibm 2 Db2, Db2 Connect 2026-06-17 4.0 MEDIUM N/A
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.
CVE-2014-6209 1 Ibm 1 Db2 2026-06-17 4.0 MEDIUM N/A
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.
CVE-2014-6197 1 Ibm 5 Security Network Protection Xgs 3100, Security Network Protection Xgs 4100, Security Network Protection Xgs 5100 and 2 more 2026-06-17 4.3 MEDIUM N/A
IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-6159 1 Ibm 1 Db2 2026-06-17 3.5 LOW N/A
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
CVE-2014-6151 1 Ibm 1 Tivoli Integrated Portal 2026-06-17 3.5 LOW N/A
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2014-6135 1 Ibm 2 Security Appscan, Security Appscan Source 2026-06-17 4.3 MEDIUM N/A
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-6105 1 Ibm 1 Security Identity Manager 2026-06-17 4.3 MEDIUM N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-6097 1 Ibm 1 Db2 2026-06-17 4.0 MEDIUM N/A
IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
CVE-2014-6052 4 Canonical, Debian, Libvncserver and 1 more 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more 2026-06-17 7.5 HIGH N/A
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
CVE-2014-6029 1 Torrentflux Project 1 Torrentflux 2026-06-17 4.9 MEDIUM N/A
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php.
CVE-2014-6028 1 Torrentflux Project 1 Torrentflux 2026-06-17 4.0 MEDIUM N/A
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.
CVE-2014-5472 1 Linux 1 Linux Kernel 2026-06-17 4.0 MEDIUM N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
CVE-2014-5468 1 Getrailo 1 Railo 2026-06-17 6.8 MEDIUM 8.8 HIGH
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
CVE-2014-5460 1 Tribulant 1 Tibulant Slideshow Gallery 2026-06-17 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.