ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2014-1004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9456. Reason: This candida... | R | |
CVE-2014-1137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-20... | R | |
CVE-2014-1155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9580. Reason: This candida... | R | |
CVE-2014-1201 | Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with... | | |
CVE-2014-1202 | The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitra... | E | |
CVE-2014-1203 | The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to exec... | | |
CVE-2014-1204 | SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remot... | E | |
CVE-2014-1206 | SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allo... | E | |
CVE-2014-1207 | VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service ... | | |
CVE-2014-1208 | VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1,... | | |
CVE-2014-1209 | VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly valid... | | |
CVE-2014-1210 | VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 c... | | |
CVE-2014-1211 | Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows ... | | |
CVE-2014-1213 | Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x befor... | | |
CVE-2014-1214 | views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla!... | E | |
CVE-2014-1215 | Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileg... | | |
CVE-2014-1216 | FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands ... | E | |
CVE-2014-1217 | Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows... | | |
CVE-2014-1219 | CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the... | | |
CVE-2014-1222 | Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1... | E S | |
CVE-2014-1223 | Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before ... | E | |
CVE-2014-1224 | Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 ... | E | |
CVE-2014-1226 | The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveragi... | | |
CVE-2014-1232 | Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPre... | S | |
CVE-2014-1233 | The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and p... | E | |
CVE-2014-1234 | The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by list... | E | |
CVE-2014-1235 | Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to ... | S | |
CVE-2014-1236 | Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows re... | E S | |
CVE-2014-1237 | Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers... | | |
CVE-2014-1238 | Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and... | | |
CVE-2014-1242 | Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle... | | |
CVE-2014-1243 | Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attacke... | | |
CVE-2014-1244 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or... | | |
CVE-2014-1245 | Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrar... | | |
CVE-2014-1246 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or... | | |
CVE-2014-1247 | Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2014-1248 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or... | | |
CVE-2014-1249 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or... | | |
CVE-2014-1250 | Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remot... | | |
CVE-2014-1251 | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or... | | |
CVE-2014-1252 | Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers t... | | |
CVE-2014-1253 | AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel... | | |
CVE-2014-1254 | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary c... | | |
CVE-2014-1255 | Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free f... | | |
CVE-2014-1256 | Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass ... | | |
CVE-2014-1257 | CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, w... | | |
CVE-2014-1258 | Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to e... | | |
CVE-2014-1259 | Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary c... | | |
CVE-2014-1260 | QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2014-1261 | Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute ... | | |
CVE-2014-1262 | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox pro... | | |
CVE-2014-1263 | curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in... | E | |
CVE-2014-1264 | Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL infor... | | |
CVE-2014-1265 | The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local user... | | |
CVE-2014-1266 | The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure ... | E | |
CVE-2014-1267 | The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not proper... | | |
CVE-2014-1268 | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execut... | | |
CVE-2014-1269 | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execut... | | |
CVE-2014-1270 | WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execut... | | |
CVE-2014-1271 | CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API cal... | | |
CVE-2014-1272 | CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local us... | | |
CVE-2014-1273 | dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing require... | | |
CVE-2014-1274 | FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime ... | | |
CVE-2014-1275 | Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers t... | | |
CVE-2014-1276 | IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks a... | | |
CVE-2014-1277 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3948. Reason: This candida... | R | |
CVE-2014-1278 | The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows... | | |
CVE-2014-1279 | Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive... | | |
CVE-2014-1280 | Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a deni... | | |
CVE-2014-1281 | Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during delet... | | |
CVE-2014-1282 | The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass in... | | |
CVE-2014-1283 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1284 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2019. Reason: This candida... | R | |
CVE-2014-1285 | Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access ... | | |
CVE-2014-1286 | SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service... | | |
CVE-2014-1287 | USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to ex... | | |
CVE-2014-1288 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1289 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute ... | | |
CVE-2014-1290 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute ... | | |
CVE-2014-1291 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute ... | | |
CVE-2014-1292 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute ... | | |
CVE-2014-1293 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute ... | | |
CVE-2014-1294 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute ... | | |
CVE-2014-1295 | Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple T... | E | |
CVE-2014-1296 | CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not e... | | |
CVE-2014-1297 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebPro... | | |
CVE-2014-1298 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1299 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1300 | Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary... | | |
CVE-2014-1301 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1302 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1303 | Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code a... | | |
CVE-2014-1304 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1305 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1306 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1307 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1308 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1309 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1310 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1311 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1312 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1313 | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execut... | | |
CVE-2014-1314 | WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed applicati... | | |
CVE-2014-1315 | Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote... | | |
CVE-2014-1316 | Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service ... | | |
CVE-2014-1317 | iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which all... | | |
CVE-2014-1318 | The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer,... | | |
CVE-2014-1319 | Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute ar... | | |
CVE-2014-1320 | IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel ... | | |
CVE-2014-1321 | Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass... | | |
CVE-2014-1322 | The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure ac... | | |
CVE-2014-1323 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1324 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1325 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1326 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1327 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1328 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1329 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1330 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1331 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1332 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1333 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1334 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1335 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1336 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1337 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1338 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1339 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1340 | WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execut... | | |
CVE-2014-1341 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1342 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1343 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1344 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execut... | | |
CVE-2014-1345 | WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properl... | | |
CVE-2014-1346 | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unico... | | |
CVE-2014-1347 | Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared duri... | | |
CVE-2014-1348 | Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but st... | | |
CVE-2014-1349 | Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute ... | | |
CVE-2014-1350 | Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iClou... | | |
CVE-2014-1351 | Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-scre... | | |
CVE-2014-1352 | Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempt... | | |
CVE-2014-1353 | Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode,... | | |
CVE-2014-1354 | CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for pro... | | |
CVE-2014-1355 | The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in I... | | |
CVE-2014-1356 | Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple... | | |
CVE-2014-1357 | Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple... | | |
CVE-2014-1358 | Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before... | | |
CVE-2014-1359 | Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV befor... | | |
CVE-2014-1360 | Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which make... | | |
CVE-2014-1361 | Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does... | | |
CVE-2014-1362 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1363 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1364 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1365 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1366 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1367 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1368 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1369 | WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to ac... | | |
CVE-2014-1370 | The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to ... | | |
CVE-2014-1371 | Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or ... | | |
CVE-2014-1372 | Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during proces... | E | |
CVE-2014-1373 | Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL A... | E | |
CVE-2014-1374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1375 | Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection m... | | |
CVE-2014-1376 | Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call,... | E | |
CVE-2014-1377 | Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arb... | E | |
CVE-2014-1378 | IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechan... | | |
CVE-2014-1379 | Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial o... | E | |
CVE-2014-1380 | The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke ... | | |
CVE-2014-1381 | Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls... | | |
CVE-2014-1382 | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple... | | |
CVE-2014-1383 | Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement f... | | |
CVE-2014-1384 | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut... | | |
CVE-2014-1385 | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut... | | |
CVE-2014-1386 | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut... | | |
CVE-2014-1387 | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut... | | |
CVE-2014-1388 | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut... | | |
CVE-2014-1389 | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut... | | |
CVE-2014-1390 | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execut... | | |
CVE-2014-1391 | QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or... | | |
CVE-2014-1398 | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow... | S | |
CVE-2014-1399 | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow... | S | |
CVE-2014-1400 | The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote ... | S | |
CVE-2014-1401 | Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users t... | E | |
CVE-2014-1402 | The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not proper... | | |
CVE-2014-1403 | Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attacke... | E S | |
CVE-2014-1405 | Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.2... | | |
CVE-2014-1406 | CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with... | E | |
CVE-2014-1407 | Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with run... | E | |
CVE-2014-1408 | The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the ... | E | |
CVE-2014-1409 | MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypas... | E | |
CVE-2014-1418 | Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly... | S | |
CVE-2014-1419 | Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows loc... | | |
CVE-2014-1420 | Insecure temp file usage in Ubuntu UI toolkit | S | |
CVE-2014-1421 | mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount util... | | |
CVE-2014-1422 | Location service uses cached authorization even after revocation | E S | |
CVE-2014-1423 | Online Accounts Signon daemon gives out all oauth tokens to any app | | |
CVE-2014-1424 | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attacke... | S | |
CVE-2014-1425 | cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local... | | |
CVE-2014-1426 | get_file_by_name does not check owner | | |
CVE-2014-1427 | MAAS API vulnerable to CSRF attack | | |
CVE-2014-1428 | uuid.uuid1() is not suitable as an unguessable identifier/token | | |
CVE-2014-1429 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1430 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1431 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1432 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1433 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1434 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1435 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1436 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1437 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1438 | The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before ... | | |
CVE-2014-1439 | The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine... | | |
CVE-2014-1441 | Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable... | E | |
CVE-2014-1442 | Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticate... | E | |
CVE-2014-1443 | Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive informati... | E | |
CVE-2014-1444 | The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not p... | S | |
CVE-2014-1445 | The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not prope... | S | |
CVE-2014-1446 | The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not init... | S | |
CVE-2014-1447 | Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remot... | | |
CVE-2014-1448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-1447. Reason: This candida... | R | |
CVE-2014-1449 | The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof... | E | |
CVE-2014-1452 | Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allow... | | |
CVE-2014-1453 | The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order wh... | | |
CVE-2014-1454 | Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper va... | | |
CVE-2014-1455 | SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student I... | | |
CVE-2014-1456 | Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 ... | | |
CVE-2014-1457 | Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easie... | E | |
CVE-2014-1458 | Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb ... | | |
CVE-2014-1459 | SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote auth... | E | |
CVE-2014-1466 | SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitra... | | |
CVE-2014-1467 | BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Expres... | | |
CVE-2014-1469 | BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log clea... | S | |
CVE-2014-1470 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2388. Reason: This candida... | R | |
CVE-2014-1471 | SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open T... | S | |
CVE-2014-1472 | Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerabilit... | | |
CVE-2014-1473 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulne... | | |
CVE-2014-1474 | Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 throug... | S | |
CVE-2014-1475 | The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authen... | | |
CVE-2014-1476 | The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does... | | |
CVE-2014-1477 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox E... | E | |
CVE-2014-1478 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMon... | | |
CVE-2014-1479 | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before... | E | |
CVE-2014-1480 | The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not p... | | |
CVE-2014-1481 | Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey be... | E | |
CVE-2014-1482 | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.... | E | |
CVE-2014-1483 | Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Orig... | | |
CVE-2014-1484 | Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile... | | |
CVE-2014-1485 | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before... | | |
CVE-2014-1486 | Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox... | | |
CVE-2014-1487 | The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunder... | E | |
CVE-2014-1488 | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remot... | | |
CVE-2014-1489 | Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on oth... | | |
CVE-2014-1490 | Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozill... | S | |
CVE-2014-1491 | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firef... | E S | |
CVE-2014-1492 | The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in ... | E S | |
CVE-2014-1493 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox E... | E | |
CVE-2014-1494 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMon... | | |
CVE-2014-1496 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey be... | E | |
CVE-2014-1497 | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x b... | E | |
CVE-2014-1498 | The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does ... | | |
CVE-2014-1499 | Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain nam... | | |
CVE-2014-1500 | Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of se... | | |
CVE-2014-1501 | Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and ... | | |
CVE-2014-1502 | The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefo... | | |
CVE-2014-1504 | The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consid... | | |
CVE-2014-1505 | The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderb... | E | |
CVE-2014-1506 | Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Androi... | | |
CVE-2014-1507 | Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows ... | | |
CVE-2014-1508 | The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 2... | E | |
CVE-2014-1509 | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox b... | E | |
CVE-2014-1510 | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird... | E | |
CVE-2014-1511 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey be... | E | |
CVE-2014-1512 | Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox bef... | E | |
CVE-2014-1513 | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird befor... | E | |
CVE-2014-1514 | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird bef... | E | |
CVE-2014-1515 | Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD c... | | |
CVE-2014-1516 | The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 ... | E | |
CVE-2014-1517 | The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly hand... | S | |
CVE-2014-1518 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox E... | E | |
CVE-2014-1519 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMon... | E S | |
CVE-2014-1520 | maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and... | E S | |
CVE-2014-1521 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1522 | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla... | E S | |
CVE-2014-1523 | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x... | | |
CVE-2014-1524 | The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x ... | E | |
CVE-2014-1525 | The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.2... | S | |
CVE-2014-1526 | The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-... | S | |
CVE-2014-1527 | Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted ... | | |
CVE-2014-1528 | The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and Se... | | |
CVE-2014-1529 | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird b... | E | |
CVE-2014-1530 | The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbir... | | |
CVE-2014-1531 | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla... | E | |
CVE-2014-1532 | Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so... | E | |
CVE-2014-1533 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox E... | | |
CVE-2014-1534 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remo... | | |
CVE-2014-1536 | The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote a... | | |
CVE-2014-1537 | Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla F... | | |
CVE-2014-1538 | Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before ... | | |
CVE-2014-1539 | Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cur... | | |
CVE-2014-1540 | Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in ... | | |
CVE-2014-1541 | Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Co... | | |
CVE-2014-1542 | Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 all... | | |
CVE-2014-1543 | Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Moz... | | |
CVE-2014-1544 | Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Networ... | | |
CVE-2014-1545 | Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary ... | | |
CVE-2014-1546 | The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzil... | | |
CVE-2014-1547 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox E... | | |
CVE-2014-1548 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunde... | | |
CVE-2014-1549 | The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox befor... | | |
CVE-2014-1550 | Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderb... | | |
CVE-2014-1551 | Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ... | | |
CVE-2014-1552 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attrib... | | |
CVE-2014-1553 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox E... | | |
CVE-2014-1554 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remo... | | |
CVE-2014-1555 | Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0,... | | |
CVE-2014-1556 | Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote ... | | |
CVE-2014-1557 | The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x ... | | |
CVE-2014-1558 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of ... | | |
CVE-2014-1559 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of ... | | |
CVE-2014-1560 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of ... | | |
CVE-2014-1561 | Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customiz... | | |
CVE-2014-1562 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x bef... | | |
CVE-2014-1563 | Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox be... | | |
CVE-2014-1564 | Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not p... | | |
CVE-2014-1565 | The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox... | | |
CVE-2014-1566 | Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD... | | |
CVE-2014-1567 | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR ... | | |
CVE-2014-1568 | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.1... | | |
CVE-2014-1569 | The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NS... | E | |
CVE-2014-1571 | Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.... | S | |
CVE-2014-1572 | The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x thr... | S | |
CVE-2014-1573 | Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.... | S | |
CVE-2014-1574 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox E... | | |
CVE-2014-1575 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remo... | E | |
CVE-2014-1576 | Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Fire... | | |
CVE-2014-1577 | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla... | | |
CVE-2014-1578 | The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird ... | | |
CVE-2014-1579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1580 | Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote ... | | |
CVE-2014-1581 | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR ... | | |
CVE-2014-1582 | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly conside... | | |
CVE-2014-1583 | The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly rest... | | |
CVE-2014-1584 | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon... | | |
CVE-2014-1585 | The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firef... | | |
CVE-2014-1586 | content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Th... | | |
CVE-2014-1587 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox E... | | |
CVE-2014-1588 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMon... | | |
CVE-2014-1589 | Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary ... | | |
CVE-2014-1590 | The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.... | | |
CVE-2014-1591 | Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which ... | | |
CVE-2014-1592 | Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox befo... | | |
CVE-2014-1593 | Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before ... | | |
CVE-2014-1594 | Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey be... | | |
CVE-2014-1595 | Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X... | | |
CVE-2014-1596 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1597 | SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-do... | E | |
CVE-2014-1598 | centurystar 7.12 ActiveX Control has a Stack Buffer Overflow... | | |
CVE-2014-1599 | Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.... | | |
CVE-2014-1603 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to... | E | |
CVE-2014-1604 | The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows l... | | |
CVE-2014-1607 | Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote a... | | |
CVE-2014-1608 | SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT bef... | E S | |
CVE-2014-1609 | Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute a... | E S | |
CVE-2014-1610 | MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF fi... | E | |
CVE-2014-1611 | Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Dru... | S | |
CVE-2014-1612 | Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Medi... | | |
CVE-2014-1613 | Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object ... | E S | |
CVE-2014-1615 | Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote... | E | |
CVE-2014-1617 | Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can l... | | |
CVE-2014-1618 | Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execu... | E | |
CVE-2014-1619 | Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to ... | E | |
CVE-2014-1620 | Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow re... | E | |
CVE-2014-1624 | Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local use... | | |
CVE-2014-1626 | XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in ... | | |
CVE-2014-1631 | Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /set... | E S | |
CVE-2014-1632 | htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitra... | E S | |
CVE-2014-1634 | SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancedne... | E | |
CVE-2014-1635 | Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10... | E | |
CVE-2014-1636 | Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow rem... | E | |
CVE-2014-1637 | Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/back... | | |
CVE-2014-1638 | (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to cr... | | |
CVE-2014-1639 | syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporar... | | |
CVE-2014-1640 | axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suff... | | |
CVE-2014-1642 | The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a larg... | | |
CVE-2014-1643 | The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Serve... | | |
CVE-2014-1644 | The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Admini... | S | |
CVE-2014-1645 | SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administr... | S | |
CVE-2014-1646 | Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 ... | | |
CVE-2014-1647 | Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 ... | | |
CVE-2014-1648 | Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in... | E | |
CVE-2014-1649 | The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access ... | E | |
CVE-2014-1650 | SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) befo... | | |
CVE-2014-1651 | SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (S... | | |
CVE-2014-1652 | Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gatewa... | | |
CVE-2014-1653 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1654 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1655 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1656 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1657 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1658 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1659 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1660 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1661 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1662 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1663 | Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manage... | | |
CVE-2014-1664 | The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive ... | E | |
CVE-2014-1665 | Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users ... | E | |
CVE-2014-1666 | The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly r... | S | |
CVE-2014-1670 | The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary... | E | |
CVE-2014-1671 | Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remot... | | |
CVE-2014-1672 | Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing wh... | | |
CVE-2014-1673 | Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (us... | | |
CVE-2014-1677 | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive informa... | E | |
CVE-2014-1679 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 bef... | | |
CVE-2014-1680 | Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain pri... | E | |
CVE-2014-1681 | Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and a... | | |
CVE-2014-1682 | The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote ... | | |
CVE-2014-1683 | The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas... | E | |
CVE-2014-1684 | The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in Vide... | E | |
CVE-2014-1685 | The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows re... | | |
CVE-2014-1686 | MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thum... | | |
CVE-2014-1690 | The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote atta... | E S | |
CVE-2014-1691 | The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows r... | E S | |
CVE-2014-1692 | The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enabl... | | |
CVE-2014-1693 | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-depende... | E | |
CVE-2014-1694 | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) Custom... | E S | |
CVE-2014-1695 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3... | E | |
CVE-2014-1696 | Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which ma... | | |
CVE-2014-1697 | The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attacke... | | |
CVE-2014-1698 | Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote... | | |
CVE-2014-1699 | Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of servi... | | |
CVE-2014-1700 | Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrom... | | |
CVE-2014-1701 | The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google C... | | |
CVE-2014-1702 | Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdat... | | |
CVE-2014-1703 | Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/... | | |
CVE-2014-1704 | Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before... | | |
CVE-2014-1705 | Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 ... | | |
CVE-2014-1706 | crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified v... | | |
CVE-2014-1707 | Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecif... | | |
CVE-2014-1708 | The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file per... | | |
CVE-2014-1710 | The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc i... | | |
CVE-2014-1711 | The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cau... | | |
CVE-2014-1713 | Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in... | | |
CVE-2014-1714 | The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc... | | |
CVE-2014-1715 | Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before... | | |
CVE-2014-1716 | Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Googl... | | |
CVE-2014-1717 | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during... | | |
CVE-2014-1718 | Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_ho... | | |
CVE-2014-1719 | Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in conten... | | |
CVE-2014-1720 | Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElem... | | |
CVE-2014-1721 | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimiz... | | |
CVE-2014-1722 | Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in c... | | |
CVE-2014-1723 | The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 ... | | |
CVE-2014-1724 | Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Ch... | | |
CVE-2014-1725 | The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 3... | | |
CVE-2014-1726 | The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers ... | | |
CVE-2014-1727 | Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome be... | | |
CVE-2014-1728 | Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause ... | | |
CVE-2014-1729 | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before... | | |
CVE-2014-1730 | Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.13... | | |
CVE-2014-1731 | core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before ... | | |
CVE-2014-1732 | Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome... | | |
CVE-2014-1733 | The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.... | | |
CVE-2014-1734 | Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and b... | | |
CVE-2014-1735 | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before... | | |
CVE-2014-1736 | Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows an... | | |
CVE-2014-1737 | The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not pr... | | |
CVE-2014-1738 | The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not p... | | |
CVE-2014-1739 | The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3... | | |
CVE-2014-1740 | Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets impleme... | | |
CVE-2014-1741 | Multiple integer overflows in the replace-data functionality in the CharacterData interface implemen... | | |
CVE-2014-1742 | Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameS... | | |
CVE-2014-1743 | Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElem... | | |
CVE-2014-1744 | Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_... | | |
CVE-2014-1745 | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.... | | |
CVE-2014-1746 | The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome b... | | |
CVE-2014-1747 | Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/... | | |
CVE-2014-1748 | The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome ... | | |
CVE-2014-1749 | Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause ... | | |
CVE-2014-1750 | Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for Word... | E | |
CVE-2014-1751 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-1752 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2014-1753 | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a... | | |
CVE-2014-1754 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoin... | | |
CVE-2014-1755 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-1756 | Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, S... | | |
CVE-2014-1757 | Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory in... | | |
CVE-2014-1758 | Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary ... | | |
CVE-2014-1759 | pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrar... | | |
CVE-2014-1760 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-1761 | Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatib... | KEV S | |
CVE-2014-1762 | Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to exe... | | |
CVE-2014-1763 | Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to ... | | |
CVE-2014-1764 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypas... | | |
CVE-2014-1765 | Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote att... | | |
CVE-2014-1766 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | S | |
CVE-2014-1767 | Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drive... | E | |
CVE-2014-1768 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1769 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-1770 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to ... | M | |
CVE-2014-1771 | SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certifica... | | |
CVE-2014-1772 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2014-1773 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1774 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-1775 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1776 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to ... | KEV E S | |
CVE-2014-1777 | Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via ... | | |
CVE-2014-1778 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script wit... | | |
CVE-2014-1779 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1780 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2014-1781 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-1782 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-1783 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1784 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1785 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | E | |
CVE-2014-1786 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1787 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1788 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-1789 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-1790 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2014-1791 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1792 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-1793 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1794 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2014-1795 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1796 | Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers to execute arbitrary code or ... | | |
CVE-2014-1797 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2014-1798 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1799 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1800 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1801 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1802 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2014-1803 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1804 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2014-1805 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1806 | The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, a... | | |
CVE-2014-1807 | The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windo... | S | |
CVE-2014-1808 | Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token in... | | |
CVE-2014-1809 | The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT ... | | |
CVE-2014-1810 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1811 | The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7... | S | |
CVE-2014-1812 | The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ... | KEV S | |
CVE-2014-1813 | Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary c... | | |
CVE-2014-1814 | The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 S... | S | |
CVE-2014-1815 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2014-1816 | Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information trans... | | |
CVE-2014-1817 | usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Wind... | S | |
CVE-2014-1818 | GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Wi... | S | |
CVE-2014-1819 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windo... | S | |
CVE-2014-1820 | Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 ... | | |
CVE-2014-1821 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1822 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1823 | Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 ... | | |
CVE-2014-1824 | Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W... | S | |
CVE-2014-1825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1826 | Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when t... | E | |
CVE-2014-1827 | The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows rem... | E | |
CVE-2014-1828 | The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers... | E | |
CVE-2014-1829 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by read... | S | |
CVE-2014-1830 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by... | | |
CVE-2014-1831 | Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a s... | | |
CVE-2014-1832 | Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink ... | | |
CVE-2014-1833 | Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify ... | | |
CVE-2014-1834 | The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users t... | | |
CVE-2014-1835 | The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users t... | | |
CVE-2014-1836 | Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS ... | E | |
CVE-2014-1837 | Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.... | | |
CVE-2014-1838 | The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.6... | | |
CVE-2014-1839 | The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows ... | | |
CVE-2014-1840 | Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remo... | E | |
CVE-2014-1841 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 a... | E | |
CVE-2014-1842 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 a... | E | |
CVE-2014-1843 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 a... | E | |
CVE-2014-1845 | An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileg... | S | |
CVE-2014-1846 | Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb... | S | |
CVE-2014-1849 | Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates crede... | E | |
CVE-2014-1850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3743. Reason: This candidate... | R | |
CVE-2014-1854 | SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5... | E | |
CVE-2014-1855 | Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers... | E | |
CVE-2014-1858 | __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symli... | | |
CVE-2014-1859 | (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/te... | S | |
CVE-2014-1860 | Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities... | E S | |
CVE-2014-1861 | The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName el... | | |
CVE-2014-1867 | suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary ... | | |
CVE-2014-1868 | Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML s... | | |
CVE-2014-1869 | Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3... | S | |
CVE-2014-1870 | Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vecto... | | |
CVE-2014-1874 | The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel befo... | S | |
CVE-2014-1875 | The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a s... | E | |
CVE-2014-1876 | The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java... | | |
CVE-2014-1877 | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject... | E | |
CVE-2014-1878 | Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3r... | S | |
CVE-2014-1879 | Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote auth... | | |
CVE-2014-1881 | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypa... | E S | |
CVE-2014-1882 | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypa... | | |
CVE-2014-1883 | Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the pro... | E S | |
CVE-2014-1884 | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do no... | E | |
CVE-2014-1885 | The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote... | | |
CVE-2014-1886 | The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows r... | E | |
CVE-2014-1887 | The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allow... | E | |
CVE-2014-1888 | Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows ... | | |
CVE-2014-1889 | The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authent... | E | |
CVE-2014-1891 | Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLAS... | S | |
CVE-2014-1892 | Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vector... | S | |
CVE-2014-1893 | Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask... | S | |
CVE-2014-1894 | Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earl... | S | |
CVE-2014-1895 | Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x ... | S | |
CVE-2014-1896 | The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series... | S | |
CVE-2014-1899 | Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway... | | |
CVE-2014-1900 | Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCE... | E S | |
CVE-2014-1901 | Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCE... | | |
CVE-2014-1902 | Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, ... | E S | |
CVE-2014-1903 | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 befor... | | |
CVE-2014-1904 | Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spri... | S | |
CVE-2014-1905 | Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Int... | E | |
CVE-2014-1906 | Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration p... | E | |
CVE-2014-1907 | Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin b... | E | |
CVE-2014-1908 | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in... | E | |
CVE-2014-1909 | Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4... | E | |
CVE-2014-1910 | Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.50... | S | |
CVE-2014-1911 | The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitiv... | | |
CVE-2014-1912 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before ... | E S | |
CVE-2014-1914 | Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06... | E | |
CVE-2014-1915 | Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management Syst... | E | |
CVE-2014-1916 | The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client ... | | |
CVE-2014-1921 | parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetc... | S | |
CVE-2014-1922 | Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.1... | E | |
CVE-2014-1923 | Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or... | E | |
CVE-2014-1924 | The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, ... | E | |
CVE-2014-1925 | SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framew... | E | |
CVE-2014-1926 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-1927 | The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context... | E | |
CVE-2014-1928 | The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows con... | E | |
CVE-2014-1929 | python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via ve... | | |
CVE-2014-1930 | Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS ... | | |
CVE-2014-1931 | The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different respons... | | |
CVE-2014-1932 | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3... | E S | |
CVE-2014-1933 | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and... | E S | |
CVE-2014-1934 | tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modif... | | |
CVE-2014-1935 | 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.... | E | |
CVE-2014-1936 | rc before 1.7.1-5 insecurely creates temporary files.... | | |
CVE-2014-1937 | Gamera before 3.4.1 insecurely creates temporary files.... | | |
CVE-2014-1938 | python-rply before 0.7.4 insecurely creates temporary files.... | | |
CVE-2014-1939 | java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in c... | | |
CVE-2014-1942 | Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise St... | | |
CVE-2014-1943 | Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite... | | |
CVE-2014-1944 | Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inje... | E S | |
CVE-2014-1945 | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to ... | E S | |
CVE-2014-1946 | OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authent... | E | |
CVE-2014-1947 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and e... | S | |
CVE-2014-1948 | OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before i... | | |
CVE-2014-1949 | GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications,... | | |
CVE-2014-1950 | Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when usi... | | |
CVE-2014-1955 | Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers... | | |
CVE-2014-1956 | CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject a... | | |
CVE-2014-1957 | FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecifie... | | |
CVE-2014-1958 | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might ... | | |
CVE-2014-1959 | lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificate... | E S | |
CVE-2014-1960 | The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attacke... | | |
CVE-2014-1961 | Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain... | | |
CVE-2014-1962 | Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified... | | |
CVE-2014-1963 | Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a... | | |
CVE-2014-1964 | Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastru... | | |
CVE-2014-1965 | Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP E... | | |
CVE-2014-1966 | The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3... | | |
CVE-2014-1967 | The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers... | | |
CVE-2014-1968 | Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows rem... | S | |
CVE-2014-1969 | Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 ... | | |
CVE-2014-1970 | Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for ... | | |
CVE-2014-1971 | Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows remote attackers to inject arb... | | |
CVE-2014-1972 | Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client ... | | |
CVE-2014-1973 | Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Androi... | | |
CVE-2014-1974 | Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExp... | | |
CVE-2014-1975 | Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Androi... | | |
CVE-2014-1976 | The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL s... | | |
CVE-2014-1977 | The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for ... | | |
CVE-2014-1978 | The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Andr... | | |
CVE-2014-1979 | The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 fo... | | |
CVE-2014-1980 | Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.... | | |
CVE-2014-1981 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-1982 | The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmwar... | E | |
CVE-2014-1983 | Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows... | S | |
CVE-2014-1984 | Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3... | S | |
CVE-2014-1985 | Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_... | E S | |
CVE-2014-1986 | The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attacke... | | |
CVE-2014-1987 | The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrar... | | |
CVE-2014-1988 | The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users ... | | |
CVE-2014-1989 | Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restri... | | |
CVE-2014-1990 | Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) ... | | |
CVE-2014-1991 | Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intr... | S | |
CVE-2014-1992 | Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x... | | |
CVE-2014-1993 | The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users... | | |
CVE-2014-1994 | Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before ... | | |
CVE-2014-1995 | Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.... | | |
CVE-2014-1996 | Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restriction... | | |
CVE-2014-1997 | The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to caus... | | |
CVE-2014-1998 | Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and e... | | |
CVE-2014-1999 | The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attacke... | | |