Total
11597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1539 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2026-06-17 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. | |||||
| CVE-2014-1492 | 1 Mozilla | 1 Network Security Services | 2026-06-17 | 4.3 MEDIUM | N/A |
| The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | |||||
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2026-06-17 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1406 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2026-06-17 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. | |||||
| CVE-2014-1405 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2026-06-17 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. | |||||
| CVE-2014-1369 | 1 Apple | 1 Safari | 2026-06-17 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. | |||||
| CVE-2014-1360 | 1 Apple | 1 Iphone Os | 2026-06-17 | 2.1 LOW | N/A |
| Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. | |||||
| CVE-2014-1346 | 1 Apple | 1 Safari | 2026-06-17 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL. | |||||
| CVE-2014-1318 | 1 Apple | 1 Mac Os X | 2026-06-17 | 10.0 HIGH | N/A |
| The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2014-1316 | 1 Apple | 1 Mac Os X | 2026-06-17 | 5.0 MEDIUM | N/A |
| Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. | |||||
| CVE-2014-1297 | 1 Apple | 1 Safari | 2026-06-17 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. | |||||
| CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2026-06-17 | 5.8 MEDIUM | N/A |
| dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | |||||
| CVE-2014-1271 | 1 Apple | 2 Iphone Os, Tvos | 2026-06-17 | 7.8 HIGH | N/A |
| CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app. | |||||
| CVE-2014-1267 | 1 Apple | 2 Iphone Os, Tvos | 2026-06-17 | 5.8 MEDIUM | N/A |
| The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed. | |||||
| CVE-2014-1255 | 1 Apple | 1 Mac Os X | 2026-06-17 | 7.5 HIGH | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
| CVE-2014-1219 | 1 Broadcom | 1 2e Web Option | 2026-06-17 | 5.1 MEDIUM | N/A |
| CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm. | |||||
| CVE-2014-1209 | 1 Vmware | 1 Vsphere Client | 2026-06-17 | 9.3 HIGH | N/A |
| VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. | |||||
| CVE-2014-125119 | 2026-06-17 | N/A | N/A | ||
| A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution. | |||||
| CVE-2014-125117 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. | |||||
| CVE-2014-125114 | 2026-06-17 | N/A | N/A | ||
| A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash. | |||||
