ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2014-0001 | Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database ... | S | |
CVE-2014-0002 | The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to... | E | |
CVE-2014-0003 | The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier ... | E | |
CVE-2014-0004 | Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause ... | S | |
CVE-2014-0005 | PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JB... | | |
CVE-2014-0006 | The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0... | S | |
CVE-2014-0007 | The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute ar... | S | |
CVE-2014-0008 | lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before ... | S | |
CVE-2014-0009 | course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2... | S | |
CVE-2014-0010 | Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle throu... | S | |
CVE-2014-0011 | Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in Tiger... | S | |
CVE-2014-0012 | FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows... | E S | |
CVE-2014-0013 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x b... | | |
CVE-2014-0014 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x b... | | |
CVE-2014-0015 | cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses... | S | |
CVE-2014-0016 | stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL ps... | S | |
CVE-2014-0017 | The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the... | S | |
CVE-2014-0018 | Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, wh... | | |
CVE-2014-0019 | Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows lo... | S | |
CVE-2014-0020 | The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, whic... | | |
CVE-2014-0021 | Chrony before 1.29.1 has traffic amplification in cmdmon protocol... | | |
CVE-2014-0022 | The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check... | | |
CVE-2014-0023 | OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary co... | | |
CVE-2014-0024 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-0025 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-1690. Reason: This candida... | R | |
CVE-2014-0026 | katello-headpin is vulnerable to CSRF in REST API... | | |
CVE-2014-0027 | The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arb... | | |
CVE-2014-0028 | libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and conn... | | |
CVE-2014-0029 | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-he... | | |
CVE-2014-0030 | The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External ... | E | |
CVE-2014-0031 | The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remo... | | |
CVE-2014-0032 | The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 an... | S | |
CVE-2014-0033 | org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not con... | | |
CVE-2014-0034 | The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly ... | S | |
CVE-2014-0035 | The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning ... | S | |
CVE-2014-0036 | The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, whic... | | |
CVE-2014-0037 | The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2... | | |
CVE-2014-0038 | The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_... | E S | |
CVE-2014-0039 | Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local ... | E S | |
CVE-2014-0040 | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.... | E S | |
CVE-2014-0041 | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.... | | |
CVE-2014-0042 | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.... | E S | |
CVE-2014-0043 | In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is poss... | | |
CVE-2014-0044 | The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release s... | | |
CVE-2014-0045 | The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-rele... | | |
CVE-2014-0046 | Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x... | | |
CVE-2014-0047 | Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp us... | | |
CVE-2014-0048 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HT... | | |
CVE-2014-0049 | Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel bef... | S | |
CVE-2014-0050 | MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web,... | E S | |
CVE-2014-0051 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-0052 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-0053 | The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before... | | |
CVE-2014-0054 | The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 be... | | |
CVE-2014-0055 | The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel packa... | | |
CVE-2014-0056 | The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ... | | |
CVE-2014-0057 | The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat... | | |
CVE-2014-0058 | The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6... | | |
CVE-2014-0059 | JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3,... | | |
CVE-2014-0060 | PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x be... | | |
CVE-2014-0061 | The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before... | | |
CVE-2014-0062 | Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before... | | |
CVE-2014-0063 | Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before... | | |
CVE-2014-0064 | Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.2... | | |
CVE-2014-0065 | Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2... | | |
CVE-2014-0066 | The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x b... | | |
CVE-2014-0067 | The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invok... | | |
CVE-2014-0068 | It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/wat... | | |
CVE-2014-0069 | The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly... | S | |
CVE-2014-0070 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-0071 | PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neu... | | |
CVE-2014-0072 | ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file... | S | |
CVE-2014-0073 | The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova... | S | |
CVE-2014-0074 | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows r... | E | |
CVE-2014-0075 | Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedIn... | | |
CVE-2014-0076 | The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap ope... | | |
CVE-2014-0077 | drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does no... | S | |
CVE-2014-0078 | The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote au... | | |
CVE-2014-0079 | The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earl... | | |
CVE-2014-0080 | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb... | | |
CVE-2014-0081 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_hel... | | |
CVE-2014-0082 | actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 conver... | | |
CVE-2014-0083 | The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.... | S | |
CVE-2014-0084 | Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could resu... | | |
CVE-2014-0085 | JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This perm... | | |
CVE-2014-0086 | The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allo... | E S | |
CVE-2014-0087 | The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used i... | | |
CVE-2014-0088 | The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when runni... | S | |
CVE-2014-0089 | Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.... | E S | |
CVE-2014-0090 | Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web session... | | |
CVE-2014-0091 | Foreman has improper input validation which could lead to partial Denial of Service... | | |
CVE-2014-0092 | lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecifi... | | |
CVE-2014-0093 | Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM... | | |
CVE-2014-0094 | The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" t... | | |
CVE-2014-0095 | java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote... | S | |
CVE-2014-0096 | java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before... | | |
CVE-2014-0097 | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not c... | | |
CVE-2014-0098 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server b... | S | |
CVE-2014-0099 | Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x b... | | |
CVE-2014-0100 | Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel thro... | S | |
CVE-2014-0101 | The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does n... | S | |
CVE-2014-0102 | The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.... | S | |
CVE-2014-0103 | WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allow... | | |
CVE-2014-0104 | fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py scri... | | |
CVE-2014-0105 | The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystonecl... | S | |
CVE-2014-0106 | Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables f... | S | |
CVE-2014-0107 | The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certai... | S | |
CVE-2014-0108 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-0109 | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of servic... | | |
CVE-2014-0110 | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of servic... | | |
CVE-2014-0111 | Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arb... | | |
CVE-2014-0112 | ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getCla... | S | |
CVE-2014-0113 | CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does no... | S | |
CVE-2014-0114 | Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x thr... | | |
CVE-2014-0115 | Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers ... | S | |
CVE-2014-0116 | CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, doe... | | |
CVE-2014-0117 | The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled,... | S | |
CVE-2014-0118 | The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server ... | S | |
CVE-2014-0119 | Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the... | | |
CVE-2014-0120 | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attac... | S | |
CVE-2014-0121 | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to exec... | S | |
CVE-2014-0122 | mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x b... | | |
CVE-2014-0123 | The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x befor... | | |
CVE-2014-0124 | The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in M... | | |
CVE-2014-0125 | repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.... | | |
CVE-2014-0126 | Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle throu... | | |
CVE-2014-0127 | The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_gu... | | |
CVE-2014-0128 | Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to c... | | |
CVE-2014-0129 | badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the ... | | |
CVE-2014-0130 | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-rend... | KEV | |
CVE-2014-0131 | Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel th... | S | |
CVE-2014-0132 | The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authent... | E S | |
CVE-2014-0133 | Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before ... | | |
CVE-2014-0134 | The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014... | | |
CVE-2014-0135 | Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for d... | | |
CVE-2014-0136 | The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (... | | |
CVE-2014-0137 | SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat Clo... | | |
CVE-2014-0138 | The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) PO... | | |
CVE-2014-0139 | cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS... | | |
CVE-2014-0140 | Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to acce... | | |
CVE-2014-0141 | Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.... | | |
CVE-2014-0142 | QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error a... | | |
CVE-2014-0143 | Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to... | S | |
CVE-2014-0144 | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulne... | S | |
CVE-2014-0145 | Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a de... | S | |
CVE-2014-0146 | The qcow2_open function in block/qcow2.c in QEMU before 1.7.2 and 2.x before 2.0.0 allows loca... | | |
CVE-2014-0147 | Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW vers... | S | |
CVE-2014-0148 | Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other poten... | S | |
CVE-2014-0149 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow r... | | |
CVE-2014-0150 | Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlie... | S | |
CVE-2014-0151 | Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote att... | | |
CVE-2014-0152 | Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote a... | S | |
CVE-2014-0153 | The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remo... | S | |
CVE-2014-0154 | oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session ... | S | |
CVE-2014-0155 | The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properl... | E S | |
CVE-2014-0156 | Awesome spawn contains OS command injection vulnerability, which allows execution of additional comm... | S | |
CVE-2014-0157 | Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboa... | S | |
CVE-2014-0158 | Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote... | | |
CVE-2014-0159 | Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 all... | | |
CVE-2014-0160 | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heart... | KEV E S | |
CVE-2014-0161 | ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote e... | | |
CVE-2014-0162 | The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.... | | |
CVE-2014-0163 | Openshift has shell command injection flaws due to unsanitized data being passed into shell commands... | | |
CVE-2014-0164 | openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-re... | | |
CVE-2014-0165 | WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by ... | | |
CVE-2014-0166 | The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.... | | |
CVE-2014-0167 | The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 an... | S | |
CVE-2014-0168 | Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to h... | E | |
CVE-2014-0169 | In JBoss EAP 6 a security domain is configured to use a cache that is shared between all application... | | |
CVE-2014-0170 | Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows ... | S | |
CVE-2014-0171 | XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JB... | E | |
CVE-2014-0172 | Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in... | S | |
CVE-2014-0173 | The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2... | | |
CVE-2014-0174 | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTP... | | |
CVE-2014-0175 | mcollective has a default password set at install... | | |
CVE-2014-0176 | Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management E... | | |
CVE-2014-0177 | The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrar... | E S | |
CVE-2014-0178 | Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow c... | | |
CVE-2014-0179 | libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block... | S | |
CVE-2014-0180 | The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Ma... | | |
CVE-2014-0181 | The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for autho... | S | |
CVE-2014-0182 | Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 mi... | S | |
CVE-2014-0183 | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS v... | | |
CVE-2014-0184 | Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying... | | |
CVE-2014-0185 | sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5... | E S | |
CVE-2014-0186 | A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote att... | | |
CVE-2014-0187 | The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1... | | |
CVE-2014-0188 | The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not prope... | | |
CVE-2014-0189 | virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to ob... | | |
CVE-2014-0190 | The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL... | | |
CVE-2014-0191 | The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener... | S | |
CVE-2014-0192 | Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, whic... | E S | |
CVE-2014-0193 | WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x b... | S | |
CVE-2014-0194 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-0195 | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, ... | S | |
CVE-2014-0196 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly... | KEV E S | |
CVE-2014-0197 | CFME: CSRF protection vulnerability via permissive check of the referrer header... | | |
CVE-2014-0198 | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS ... | S | |
CVE-2014-0199 | The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (... | | |
CVE-2014-0200 | The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses wo... | | |
CVE-2014-0201 | ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-report... | | |
CVE-2014-0202 | The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data ... | | |
CVE-2014-0203 | The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly hand... | E S | |
CVE-2014-0204 | OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a ... | E S | |
CVE-2014-0205 | The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly mainta... | E | |
CVE-2014-0206 | Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.... | S | |
CVE-2014-0207 | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component i... | S | |
CVE-2014-0208 | Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman befo... | E | |
CVE-2014-0209 | Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont ... | | |
CVE-2014-0210 | Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote f... | | |
CVE-2014-0211 | Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info... | | |
CVE-2014-0212 | qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all av... | | |
CVE-2014-0213 | Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignm... | | |
CVE-2014-0214 | login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before ... | | |
CVE-2014-0215 | The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, ... | | |
CVE-2014-0216 | The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle th... | | |
CVE-2014-0217 | enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses ... | | |
CVE-2014-0218 | Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php ... | | |
CVE-2014-0219 | Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local use... | | |
CVE-2014-0220 | Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensi... | | |
CVE-2014-0221 | The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m,... | S | |
CVE-2014-0222 | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attack... | E S | |
CVE-2014-0223 | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users t... | E S | |
CVE-2014-0224 | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict proc... | E S | |
CVE-2014-0225 | When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, an... | | |
CVE-2014-0226 | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attack... | E S | |
CVE-2014-0227 | java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.... | | |
CVE-2014-0228 | Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check t... | | |
CVE-2014-0229 | Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2... | | |
CVE-2014-0230 | Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle ca... | S | |
CVE-2014-0231 | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which... | S | |
CVE-2014-0232 | Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.... | S | |
CVE-2014-0233 | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to ex... | E | |
CVE-2014-0234 | The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a passwo... | E S | |
CVE-2014-0235 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0325, CVE-2014-3538. Reaso... | R | |
CVE-2014-0236 | file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to ... | | |
CVE-2014-0237 | The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5... | S | |
CVE-2014-0238 | The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.... | S | |
CVE-2014-0239 | The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section... | | |
CVE-2014-0240 | The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle err... | | |
CVE-2014-0241 | rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable... | | |
CVE-2014-0242 | mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to o... | | |
CVE-2014-0243 | Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file... | E S | |
CVE-2014-0244 | The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x befor... | | |
CVE-2014-0245 | It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was n... | | |
CVE-2014-0246 | SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local user... | | |
CVE-2014-0247 | LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and at... | | |
CVE-2014-0248 | org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise A... | | |
CVE-2014-0249 | The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a... | | |
CVE-2014-0250 | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an ... | | |
CVE-2014-0251 | Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 201... | | |
CVE-2014-0252 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0253 | Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine... | | |
CVE-2014-0254 | The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properl... | | |
CVE-2014-0255 | Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to c... | | |
CVE-2014-0256 | Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a ... | | |
CVE-2014-0257 | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly ... | E | |
CVE-2014-0258 | Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote at... | | |
CVE-2014-0259 | Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrar... | | |
CVE-2014-0260 | Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP... | | |
CVE-2014-0261 | Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to caus... | | |
CVE-2014-0262 | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not pro... | | |
CVE-2014-0263 | The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windo... | S | |
CVE-2014-0264 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0265 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0266 | The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows S... | S | |
CVE-2014-0267 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-0268 | Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-k... | | |
CVE-2014-0269 | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0270 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0271 | The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allow... | | |
CVE-2014-0272 | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0273 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0274 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0275 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0276 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2014-0277 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-0278 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-0279 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-0280 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a... | | |
CVE-2014-0281 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0282 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | E | |
CVE-2014-0283 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-0284 | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a de... | | |
CVE-2014-0285 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0286 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0287 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0288 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0289 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-0290 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-0291 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0292 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-0293 | Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1... | | |
CVE-2014-0294 | Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, whic... | | |
CVE-2014-0295 | VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection me... | E | |
CVE-2014-0296 | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1,... | S | |
CVE-2014-0297 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0298 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0299 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0300 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | S | |
CVE-2014-0301 | Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Se... | S | |
CVE-2014-0302 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a... | | |
CVE-2014-0303 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a... | | |
CVE-2014-0304 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-0305 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0306 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2014-0307 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb... | E | |
CVE-2014-0308 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0309 | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0310 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0311 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0312 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0313 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2014-0314 | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a de... | | |
CVE-2014-0315 | Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Wi... | S | |
CVE-2014-0316 | Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server... | S | |
CVE-2014-0317 | The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and S... | | |
CVE-2014-0318 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windo... | S | |
CVE-2014-0319 | Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 al... | | |
CVE-2014-0320 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0321 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2014-0322 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to exec... | KEV E S | |
CVE-2014-0323 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | S | |
CVE-2014-0324 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0325 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb... | | |
CVE-2014-0326 | The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals all... | | |
CVE-2014-0327 | The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Ir... | | |
CVE-2014-0328 | The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which ... | | |
CVE-2014-0329 | The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon f... | | |
CVE-2014-0330 | Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management ... | E | |
CVE-2014-0331 | Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmwa... | E | |
CVE-2014-0332 | Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL... | | |
CVE-2014-0333 | The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.... | S | |
CVE-2014-0334 | Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated us... | | |
CVE-2014-0335 | Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 b... | | |
CVE-2014-0336 | Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build... | | |
CVE-2014-0337 | Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers wit... | | |
CVE-2014-0338 | Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in Watch... | E | |
CVE-2014-0339 | Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers ... | E | |
CVE-2014-0341 | Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticate... | E S | |
CVE-2014-0342 | Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow rem... | | |
CVE-2014-0343 | The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9... | | |
CVE-2014-0344 | Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels... | | |
CVE-2014-0346 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candida... | R | |
CVE-2014-0347 | The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.... | | |
CVE-2014-0348 | The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Arti... | | |
CVE-2014-0349 | Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code v... | | |
CVE-2014-0350 | The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4... | | |
CVE-2014-0351 | The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGat... | | |
CVE-2014-0352 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2216. Reason: This candida... | R | |
CVE-2014-0353 | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers t... | | |
CVE-2014-0354 | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password ... | | |
CVE-2014-0355 | Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmwar... | | |
CVE-2014-0356 | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers t... | | |
CVE-2014-0357 | Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML ... | | |
CVE-2014-0358 | Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote ... | | |
CVE-2014-0359 | Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via she... | | |
CVE-2014-0360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2741. Reason: This candida... | R | |
CVE-2014-0361 | The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and ... | | |
CVE-2014-0362 | Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.21... | | |
CVE-2014-0363 | The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not ver... | | |
CVE-2014-0364 | The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the... | | |
CVE-2014-0366 | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite ... | | |
CVE-2014-0367 | Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperi... | | |
CVE-2014-0368 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allow... | | |
CVE-2014-0369 | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 al... | | |
CVE-2014-0370 | Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2... | | |
CVE-2014-0371 | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain ... | | |
CVE-2014-0372 | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain ... | E | |
CVE-2014-0373 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote att... | | |
CVE-2014-0374 | Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows... | | |
CVE-2014-0375 | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden... | | |
CVE-2014-0376 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ... | | |
CVE-2014-0377 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, ... | | |
CVE-2014-0378 | Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.... | | |
CVE-2014-0379 | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain ... | E | |
CVE-2014-0380 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0381 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0382 | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect... | | |
CVE-2014-0383 | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.... | | |
CVE-2014-0384 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.1... | | |
CVE-2014-0385 | Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers t... | | |
CVE-2014-0386 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 a... | | |
CVE-2014-0387 | Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows r... | | |
CVE-2014-0388 | Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle Peop... | | |
CVE-2014-0389 | Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via un... | S | |
CVE-2014-0390 | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unkno... | S | |
CVE-2014-0391 | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.... | S | |
CVE-2014-0392 | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products ... | S | |
CVE-2014-0393 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 a... | | |
CVE-2014-0394 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | S | |
CVE-2014-0395 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | S | |
CVE-2014-0396 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | S | |
CVE-2014-0397 | Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impa... | | |
CVE-2014-0398 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su... | | |
CVE-2014-0399 | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P... | | |
CVE-2014-0400 | Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.... | | |
CVE-2014-0401 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 a... | | |
CVE-2014-0402 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 a... | | |
CVE-2014-0403 | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden... | | |
CVE-2014-0404 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
CVE-2014-0405 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
CVE-2014-0406 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
CVE-2014-0407 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
CVE-2014-0408 | Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to a... | | |
CVE-2014-0409 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0410 | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden... | | |
CVE-2014-0411 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Jav... | | |
CVE-2014-0412 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 a... | | |
CVE-2014-0413 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10... | | |
CVE-2014-0414 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10... | | |
CVE-2014-0415 | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden... | | |
CVE-2014-0416 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ... | | |
CVE-2014-0417 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embed... | | |
CVE-2014-0418 | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden... | | |
CVE-2014-0419 | Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualizati... | | |
CVE-2014-0420 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.... | | |
CVE-2014-0421 | Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local... | | |
CVE-2014-0422 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ... | | |
CVE-2014-0423 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Jav... | | |
CVE-2014-0424 | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confiden... | | |
CVE-2014-0425 | Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle ... | | |
CVE-2014-0426 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10... | | |
CVE-2014-0427 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows re... | | |
CVE-2014-0428 | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJ... | | |
CVE-2014-0429 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; ... | | |
CVE-2014-0430 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows re... | | |
CVE-2014-0431 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows re... | | |
CVE-2014-0432 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote att... | | |
CVE-2014-0433 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows re... | | |
CVE-2014-0434 | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in ... | | |
CVE-2014-0435 | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P... | | |
CVE-2014-0436 | Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 all... | | |
CVE-2014-0437 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 a... | | |
CVE-2014-0438 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0439 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0440 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0441 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0442 | Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentia... | | |
CVE-2014-0443 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0444 | Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle ... | | |
CVE-2014-0445 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2014-0446 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, al... | | |
CVE-2014-0447 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability vi... | S | |
CVE-2014-0448 | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentia... | | |
CVE-2014-0449 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
CVE-2014-0450 | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.... | | |
CVE-2014-0451 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, al... | | |
CVE-2014-0452 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
CVE-2014-0453 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; ... | | |
CVE-2014-0454 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote att... | | |
CVE-2014-0455 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote att... | | |
CVE-2014-0456 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
CVE-2014-0457 | Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.... | | |
CVE-2014-0458 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
CVE-2014-0459 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote att... | | |
CVE-2014-0460 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; ... | | |
CVE-2014-0461 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
CVE-2014-0462 | Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.0... | | |
CVE-2014-0463 | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via ... | | |
CVE-2014-0464 | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via ... | | |
CVE-2014-0465 | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 P... | | |
CVE-2014-0466 | The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows contex... | | |
CVE-2014-0467 | Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service... | | |
CVE-2014-0468 | Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute s... | | |
CVE-2014-0469 | Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remot... | | |
CVE-2014-0470 | super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is s... | | |
CVE-2014-0471 | Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x befor... | | |
CVE-2014-0472 | The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x bef... | | |
CVE-2014-0473 | The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x bef... | | |
CVE-2014-0474 | The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Djan... | | |
CVE-2014-0475 | Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow... | | |
CVE-2014-0476 | The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows loca... | E | |
CVE-2014-0477 | The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expres... | E S | |
CVE-2014-0478 | APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attacker... | E | |
CVE-2014-0479 | reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitra... | | |
CVE-2014-0480 | The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6... | S | |
CVE-2014-0481 | The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before ... | S | |
CVE-2014-0482 | The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.... | | |
CVE-2014-0483 | The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x befo... | E S | |
CVE-2014-0484 | The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vect... | | |
CVE-2014-0485 | S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to exe... | E S | |
CVE-2014-0486 | Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a... | | |
CVE-2014-0487 | APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the ... | S | |
CVE-2014-0488 | APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authen... | S | |
CVE-2014-0489 | APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, whic... | S | |
CVE-2014-0490 | The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages,... | S | |
CVE-2014-0491 | Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS ... | S | |
CVE-2014-0492 | Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS ... | S | |
CVE-2014-0493 | Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow at... | | |
CVE-2014-0494 | Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service... | | |
CVE-2014-0495 | Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow at... | | |
CVE-2014-0496 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 ... | KEV | |
CVE-2014-0497 | Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.... | KEV E S | |
CVE-2014-0498 | Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x befo... | S | |
CVE-2014-0499 | Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac... | S | |
CVE-2014-0500 | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0501 | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0502 | Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before... | KEV E S | |
CVE-2014-0503 | Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS ... | | |
CVE-2014-0504 | Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS ... | | |
CVE-2014-0505 | Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-0506 | Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x bef... | | |
CVE-2014-0507 | Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.18... | | |
CVE-2014-0508 | Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS... | S | |
CVE-2014-0509 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x throug... | | |
CVE-2014-0510 | Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitr... | | |
CVE-2014-0511 | Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code... | | |
CVE-2014-0512 | Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified v... | | |
CVE-2014-0513 | Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows r... | | |
CVE-2014-0514 | The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaSc... | E S | |
CVE-2014-0515 | Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.20... | S | |
CVE-2014-0516 | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR... | | |
CVE-2014-0517 | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR... | | |
CVE-2014-0518 | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR... | | |
CVE-2014-0519 | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR... | | |
CVE-2014-0520 | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR... | | |
CVE-2014-0521 | Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not prop... | | |
CVE-2014-0522 | Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attac... | | |
CVE-2014-0523 | Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attac... | | |
CVE-2014-0524 | Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attac... | | |
CVE-2014-0525 | The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X ... | | |
CVE-2014-0526 | Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attac... | | |
CVE-2014-0527 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07... | | |
CVE-2014-0528 | Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on... | | |
CVE-2014-0529 | Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows a... | | |
CVE-2014-0530 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0531 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.... | S | |
CVE-2014-0532 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.... | S | |
CVE-2014-0533 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.... | S | |
CVE-2014-0534 | Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0535 | Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0536 | Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0537 | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.... | | |
CVE-2014-0538 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on W... | S | |
CVE-2014-0539 | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.... | | |
CVE-2014-0540 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0541 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0542 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.... | | |
CVE-2014-0543 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0544 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0545 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.... | S | |
CVE-2014-0546 | Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to b... | KEV S | |
CVE-2014-0547 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0548 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0549 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0550 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0551 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0552 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0553 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0... | S | |
CVE-2014-0554 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0555 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0556 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1... | E S | |
CVE-2014-0557 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and bef... | S | |
CVE-2014-0558 | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and bef... | S | |
CVE-2014-0559 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1... | S | |
CVE-2014-0560 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09... | S | |
CVE-2014-0561 | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o... | S | |
CVE-2014-0562 | Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x be... | S | |
CVE-2014-0563 | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attac... | S | |
CVE-2014-0564 | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and bef... | S | |
CVE-2014-0565 | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attac... | S | |
CVE-2014-0566 | Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attac... | S | |
CVE-2014-0567 | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o... | S | |
CVE-2014-0568 | The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 an... | S | |
CVE-2014-0569 | Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Wind... | S | |
CVE-2014-0570 | Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 befo... | S | |
CVE-2014-0571 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Upda... | S | |
CVE-2014-0572 | Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Upda... | S | |
CVE-2014-0573 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0... | S | |
CVE-2014-0574 | Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.22... | S | |
CVE-2014-0575 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0576 | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and bef... | S | |
CVE-2014-0577 | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and bef... | S | |
CVE-2014-0578 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2014-0579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0580 | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and... | | |
CVE-2014-0581 | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and bef... | S | |
CVE-2014-0582 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2... | S | |
CVE-2014-0583 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2... | S | |
CVE-2014-0584 | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and bef... | S | |
CVE-2014-0585 | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and bef... | S | |
CVE-2014-0586 | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and bef... | S | |
CVE-2014-0587 | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and... | | |
CVE-2014-0588 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0... | S | |
CVE-2014-0589 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2... | S | |
CVE-2014-0590 | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and bef... | S | |
CVE-2014-0591 | The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P... | | |
CVE-2014-0592 | Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not ena... | S | |
CVE-2014-0593 | sed command injection | | |
CVE-2014-0594 | CSRF protection incorrectly disabled | | |
CVE-2014-0595 | /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Li... | | |
CVE-2014-0598 | Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Mai... | | |
CVE-2014-0599 | Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 bef... | | |
CVE-2014-0600 | FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote at... | | |
CVE-2014-0602 | Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Net... | | |
CVE-2014-0603 | The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote at... | | |
CVE-2014-0604 | Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Cl... | | |
CVE-2014-0605 | Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Cl... | | |
CVE-2014-0606 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0603. Reason: This issue was... | R | |
CVE-2014-0607 | Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1... | | |
CVE-2014-0609 | Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance... | | |
CVE-2014-0610 | The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows all... | | |
CVE-2014-0611 | Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Sup... | | |
CVE-2014-0612 | Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44... | | |
CVE-2014-0613 | The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12... | | |
CVE-2014-0614 | Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attacker... | | |
CVE-2014-0615 | Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X... | | |
CVE-2014-0616 | Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X... | | |
CVE-2014-0617 | Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R... | | |
CVE-2014-0618 | Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12... | | |
CVE-2014-0619 | Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execu... | E | |
CVE-2014-0620 | Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01... | E | |
CVE-2014-0621 | Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 ... | E | |
CVE-2014-0622 | The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 ... | | |
CVE-2014-0623 | Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manag... | | |
CVE-2014-0624 | EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allow... | | |
CVE-2014-0625 | The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.... | | |
CVE-2014-0626 | The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it... | | |
CVE-2014-0627 | The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows... | | |
CVE-2014-0628 | The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process c... | | |
CVE-2014-0629 | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the ... | | |
CVE-2014-0630 | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated u... | | |
CVE-2014-0631 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2014-0632 | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote aut... | | |
CVE-2014-0633 | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout ... | | |
CVE-2014-0634 | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie hea... | | |
CVE-2014-0635 | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attack... | | |
CVE-2014-0636 | EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly ... | | |
CVE-2014-0637 | Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adapt... | | |
CVE-2014-0638 | Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x bef... | | |
CVE-2014-0639 | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allo... | | |
CVE-2014-0640 | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended ... | | |
CVE-2014-0641 | Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 al... | | |
CVE-2014-0642 | EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before... | | |
CVE-2014-0643 | EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2... | | |
CVE-2014-0644 | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via... | | |
CVE-2014-0645 | EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store D... | | |
CVE-2014-0646 | The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before... | | |
CVE-2014-0647 | The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics... | | |
CVE-2014-0648 | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enfor... | | |
CVE-2014-0649 | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enfor... | | |
CVE-2014-0650 | The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote a... | | |
CVE-2014-0651 | The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce author... | | |
CVE-2014-0652 | Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA)... | | |
CVE-2014-0653 | The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow... | | |
CVE-2014-0654 | Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack ... | | |
CVE-2014-0655 | The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow... | | |
CVE-2014-0656 | Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of cer... | | |
CVE-2014-0657 | The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier do... | | |
CVE-2014-0658 | Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) vi... | | |
CVE-2014-0659 | The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x th... | S | |
CVE-2014-0660 | Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a de... | | |
CVE-2014-0661 | The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3... | | |
CVE-2014-0662 | The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attac... | | |
CVE-2014-0663 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System ... | | |
CVE-2014-0664 | The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service ... | | |
CVE-2014-0665 | The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify pr... | | |
CVE-2014-0666 | Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) ... | | |
CVE-2014-0667 | The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorizatio... | | |
CVE-2014-0668 | Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) a... | | |
CVE-2014-0669 | The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cis... | | |
CVE-2014-0670 | Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows... | | |
CVE-2014-0671 | Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitra... | | |
CVE-2014-0672 | The Search and Play interface in Cisco MediaSense does not properly enforce authorization requiremen... | | |
CVE-2014-0673 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance... | | |
CVE-2014-0674 | Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL databas... | | |
CVE-2014-0675 | The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same defaul... | | |
CVE-2014-0676 | Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multi... | | |
CVE-2014-0677 | The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause ... | | |
CVE-2014-0678 | The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, ... | | |
CVE-2014-0679 | Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.... | | |
CVE-2014-0680 | Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent componen... | | |
CVE-2014-0681 | Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and ear... | | |
CVE-2014-0682 | Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1)... | | |
CVE-2014-0683 | The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W ... | E S | |
CVE-2014-0684 | Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafte... | | |
CVE-2014-0685 | Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass... | | |
CVE-2014-0686 | Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local user... | | |
CVE-2014-0691 | Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it ea... | | |
CVE-2014-0694 | Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptograp... | | |
CVE-2014-0701 | Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0... | | |
CVE-2014-0703 | Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software wit... | | |
CVE-2014-0704 | The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0... | | |
CVE-2014-0705 | The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7... | | |
CVE-2014-0706 | Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allo... | | |
CVE-2014-0707 | Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attacker... | | |
CVE-2014-0708 | WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET reque... | | |
CVE-2014-0709 | Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, ... | | |
CVE-2014-0710 | Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.... | | |
CVE-2014-0718 | The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 ... | | |
CVE-2014-0719 | The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before ... | | |
CVE-2014-0720 | Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a de... | | |
CVE-2014-0721 | The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root ... | | |
CVE-2014-0722 | The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly valida... | | |
CVE-2014-0723 | Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unifi... | | |
CVE-2014-0724 | The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier ... | | |
CVE-2014-0725 | Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, wh... | | |
CVE-2014-0726 | SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communicat... | | |
CVE-2014-0727 | SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco... | | |
CVE-2014-0728 | SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (... | | |
CVE-2014-0729 | SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unifie... | | |
CVE-2014-0730 | Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain pri... | | |
CVE-2014-0731 | The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlie... | | |
CVE-2014-0732 | The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unifie... | | |
CVE-2014-0733 | The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) ... | | |
CVE-2014-0734 | SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cis... | | |
CVE-2014-0735 | Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unifi... | | |
CVE-2014-0736 | Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (C... | | |
CVE-2014-0737 | The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication... | | |
CVE-2014-0738 | The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier al... | | |
CVE-2014-0739 | Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(... | | |
CVE-2014-0740 | Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (C... | | |
CVE-2014-0741 | The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation... | | |
CVE-2014-0742 | The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in ... | | |
CVE-2014-0743 | The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (U... | | |
CVE-2014-0744 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0745 | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Uni... | | |
CVE-2014-0746 | The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remo... | | |
CVE-2014-0747 | The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications M... | | |
CVE-2014-0748 | apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data t... | | |
CVE-2014-0749 | Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Mana... | E S | |
CVE-2014-0750 | GE Proficy HMI/SCADA Path Traversal | S | |
CVE-2014-0751 | GE Proficy HMI/SCADA Path Traversal | S | |
CVE-2014-0752 | Ecava IntegraXor Exposure of Access Control List Files to an Unauthorized Control Sphere | S | |
CVE-2014-0753 | Ecava IntegraXor Stack-based Buffer Overflow | S | |
CVE-2014-0754 | Schneider Electric | S | |
CVE-2014-0755 | Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password pro... | | |
CVE-2014-0756 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0757 | Smart Software Solutions (3S) CoDeSys Runtime Toolkit NULL Pointer Dereference | S | |
CVE-2014-0758 | ICONICS GENESIS32 Exposed Dangerous Method or Function | M | |
CVE-2014-0759 | Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 thro... | | |
CVE-2014-0760 | Festo CECX-X-(C1/M1) Controller Improper Authentication | M | |
CVE-2014-0761 | The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a den... | | |
CVE-2014-0762 | The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers ... | | |
CVE-2014-0763 | Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remo... | | |
CVE-2014-0764 | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arb... | | |
CVE-2014-0765 | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arb... | | |
CVE-2014-0766 | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arb... | | |
CVE-2014-0767 | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arb... | | |
CVE-2014-0768 | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arb... | | |
CVE-2014-0769 | Festo CECX-X-(C1/M1) Controller Improper Authentication | M | |
CVE-2014-0770 | Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arb... | | |
CVE-2014-0771 | The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advante... | | |
CVE-2014-0772 | The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in ... | | |
CVE-2014-0773 | The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech... | | |
CVE-2014-0774 | Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) ... | | |
CVE-2014-0775 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0777 | The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allo... | | |
CVE-2014-0778 | The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain pot... | | |
CVE-2014-0779 | The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric Struxu... | | |
CVE-2014-0780 | Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allow... | KEV E S | |
CVE-2014-0781 | Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows r... | E | |
CVE-2014-0782 | Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENT... | | |
CVE-2014-0783 | Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows re... | E | |
CVE-2014-0784 | Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows r... | E | |
CVE-2014-0785 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0786 | Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administr... | S | |
CVE-2014-0787 | Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execu... | E | |
CVE-2014-0788 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-0789 | Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Elect... | | |
CVE-2014-0791 | Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP thr... | | |
CVE-2014-0792 | Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and exec... | S | |
CVE-2014-0793 | Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) componen... | E | |
CVE-2014-0794 | SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! all... | E | |
CVE-2014-0802 | Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and Z... | | |
CVE-2014-0803 | Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3... | | |
CVE-2014-0804 | Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earli... | | |
CVE-2014-0805 | Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free appli... | | |
CVE-2014-0806 | The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.1... | | |
CVE-2014-0807 | data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0... | E | |
CVE-2014-0808 | Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and E... | | |
CVE-2014-0809 | Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application b... | | |
CVE-2014-0810 | Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 b... | | |
CVE-2014-0811 | Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote at... | | |
CVE-2014-0812 | Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Expl... | S | |
CVE-2014-0813 | Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to ... | S | |
CVE-2014-0814 | Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject ... | S | |
CVE-2014-0815 | The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by... | | |
CVE-2014-0816 | Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privi... | | |
CVE-2014-0817 | Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which all... | S | |
CVE-2014-0818 | Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privi... | | |
CVE-2014-0819 | Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privi... | | |
CVE-2014-0820 | Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x... | | |
CVE-2014-0821 | SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x throu... | | |
CVE-2014-0822 | The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote at... | | |
CVE-2014-0823 | IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote att... | | |
CVE-2014-0824 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.201... | | |
CVE-2014-0825 | Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before... | | |
CVE-2014-0827 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote a... | | |
CVE-2014-0828 | Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal... | | |
CVE-2014-0829 | Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, an... | S | |
CVE-2014-0830 | Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Fin... | | |
CVE-2014-0831 | Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Ma... | | |
CVE-2014-0832 | Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC comp... | | |
CVE-2014-0833 | The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly en... | | |
CVE-2014-0834 | IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attacke... | | |
CVE-2014-0835 | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allo... | | |
CVE-2014-0836 | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remo... | | |
CVE-2014-0837 | The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certifi... | | |
CVE-2014-0838 | The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote att... | | |
CVE-2014-0839 | IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authent... | S | |
CVE-2014-0840 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x befo... | S | |
CVE-2014-0841 | IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash password... | S | |
CVE-2014-0842 | The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.... | S | |
CVE-2014-0843 | Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 ... | S | |
CVE-2014-0844 | Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x bef... | | |
CVE-2014-0845 | Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x b... | | |
CVE-2014-0846 | Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iF... | | |
CVE-2014-0848 | The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Perform... | | |
CVE-2014-0849 | IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.... | | |
CVE-2014-0850 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Man... | | |
CVE-2014-0852 | IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0... | S | |
CVE-2014-0853 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEd... | S | |
CVE-2014-0854 | The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 ... | | |
CVE-2014-0855 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1... | | |
CVE-2014-0857 | The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x be... | | |
CVE-2014-0858 | IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass inten... | | |
CVE-2014-0859 | The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.... | | |
CVE-2014-0860 | The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1... | | |
CVE-2014-0861 | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.... | | |
CVE-2014-0862 | Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CL... | | |
CVE-2014-0863 | The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.... | S | |
CVE-2014-0864 | Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit L... | E | |
CVE-2014-0865 | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmi... | | |
CVE-2014-0866 | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmi... | | |
CVE-2014-0867 | rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4... | | |
CVE-2014-0868 | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmi... | | |
CVE-2014-0869 | The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.... | | |
CVE-2014-0870 | Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.... | E | |
CVE-2014-0871 | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmi... | | |
CVE-2014-0872 | The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, w... | | |
CVE-2014-0873 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business... | | |
CVE-2014-0874 | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allow... | | |
CVE-2014-0875 | Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attack... | | |
CVE-2014-0876 | Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive cl... | S | |
CVE-2014-0877 | IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intende... | S | |
CVE-2014-0878 | The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK J... | | |
CVE-2014-0879 | Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capt... | S | |
CVE-2014-0880 | IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with softw... | | |
CVE-2014-0881 | The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00... | | |
CVE-2014-0882 | Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDa... | | |
CVE-2014-0883 | IBM Power Hardware Management Console cross-site scripting | | |
CVE-2014-0884 | Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Securit... | | |
CVE-2014-0885 | Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail ... | | |
CVE-2014-0886 | The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote aut... | | |
CVE-2014-0887 | The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote aut... | | |
CVE-2014-0888 | IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, all... | | |
CVE-2014-0889 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as ... | | |
CVE-2014-0890 | The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a... | | |
CVE-2014-0891 | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before... | S | |
CVE-2014-0892 | IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms u... | | |
CVE-2014-0893 | Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x be... | | |
CVE-2014-0894 | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmi... | E | |
CVE-2014-0895 | Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3... | | |
CVE-2014-0896 | IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers ... | | |
CVE-2014-0897 | The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and... | | |
CVE-2014-0899 | ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX... | | |
CVE-2014-0900 | The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device admin... | E | |
CVE-2014-0901 | Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connectio... | | |
CVE-2014-0904 | The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity check... | | |
CVE-2014-0905 | IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an ... | | |
CVE-2014-0906 | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whethe... | | |
CVE-2014-0907 | Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in ... | | |
CVE-2014-0908 | The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x... | | |
CVE-2014-0909 | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4... | S | |
CVE-2014-0910 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5... | | |
CVE-2014-0911 | inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to c... | | |
CVE-2014-0912 | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers... | S | |
CVE-2014-0913 | Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 bef... | | |
CVE-2014-0914 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x an... | S | |
CVE-2014-0915 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8... | S | |
CVE-2014-0917 | Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6... | | |
CVE-2014-0918 | Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 th... | | |
CVE-2014-0919 | IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certa... | S | |
CVE-2014-0920 | IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which all... | | |
CVE-2014-0921 | The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a... | | |
CVE-2014-0922 | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of ser... | | |
CVE-2014-0923 | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of ser... | | |
CVE-2014-0924 | IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a ... | | |
CVE-2014-0925 | Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 bef... | S | |
CVE-2014-0927 | The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gatew... | S | |
CVE-2014-0929 | Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through... | | |
CVE-2014-0930 | The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a d... | E | |
CVE-2014-0931 | Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl ... | S | |
CVE-2014-0932 | Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterl... | | |
CVE-2014-0933 | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbe... | | |
CVE-2014-0935 | Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.... | | |
CVE-2014-0936 | IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly ... | | |
CVE-2014-0940 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2... | S | |
CVE-2014-0941 | Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM... | | |
CVE-2014-0942 | Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM... | | |
CVE-2014-0943 | IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 F... | | |
CVE-2014-0944 | Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM O... | | |
CVE-2014-0945 | Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operatio... | | |
CVE-2014-0946 | The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.... | | |
CVE-2014-0947 | Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allo... | | |
CVE-2014-0948 | Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody De... | | |
CVE-2014-0949 | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF2... | S | |
CVE-2014-0950 | Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native c... | S | |
CVE-2014-0951 | Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.... | S | |
CVE-2014-0952 | Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.... | S | |
CVE-2014-0953 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5... | S | |
CVE-2014-0954 | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF2... | S | |
CVE-2014-0955 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Socia... | S | |
CVE-2014-0956 | Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.... | S | |
CVE-2014-0957 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebS... | | |
CVE-2014-0958 | Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.... | | |
CVE-2014-0959 | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF2... | S | |
CVE-2014-0960 | IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authent... | | |
CVE-2014-0961 | Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0... | | |
CVE-2014-0963 | The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISA... | S | |
CVE-2014-0964 | IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows ... | | |
CVE-2014-0965 | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before... | S | |
CVE-2014-0966 | SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collabor... | | |
CVE-2014-0967 | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Manageme... | | |
CVE-2014-0968 | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Manageme... | | |
CVE-2014-0969 | Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data M... | S | |
CVE-2014-0970 | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x bef... | | |
CVE-2014-0972 | The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Andr... | | |
CVE-2014-0973 | The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader... | S | |
CVE-2014-0974 | The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distr... | S | |
CVE-2014-0977 | Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5... | | |
CVE-2014-0978 | Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows r... | E S | |
CVE-2014-0979 | The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does... | | |
CVE-2014-0980 | Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code... | E | |
CVE-2014-0981 | VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x befo... | E | |
CVE-2014-0982 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0981. Reason: This issue was... | R | |
CVE-2014-0983 | Multiple array index errors in programs that are automatically generated by VBox/HostServices/Shared... | E | |
CVE-2014-0984 | The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier te... | E | |
CVE-2014-0985 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0986 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0987 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0988 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0989 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0990 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0991 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0992 | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote a... | | |
CVE-2014-0993 | Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (... | S | |
CVE-2014-0994 | Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementatio... | E | |
CVE-2014-0995 | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to ca... | E | |
CVE-2014-0997 | WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, And... | E | |
CVE-2014-0998 | Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 1... | E | |
CVE-2014-0999 | Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers... | E |