| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2014-2000 | The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive informati... | | |
| CVE-2014-2001 | The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.... | | |
| CVE-2014-2002 | Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attacker... | | |
| CVE-2014-2003 | JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not proper... | | |
| CVE-2014-2004 | The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00... | | |
| CVE-2014-2005 | Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforc... | | |
| CVE-2014-2006 | Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote ... | | |
| CVE-2014-2008 | SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop al... | E S | |
| CVE-2014-2009 | The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, t... | E | |
| CVE-2014-2013 | Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and ear... | E | |
| CVE-2014-2014 | imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certifi... | S | |
| CVE-2014-2015 | Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c... | E S | |
| CVE-2014-2016 | Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition... | | |
| CVE-2014-2017 | CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4... | S | |
| CVE-2014-2018 | Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR... | | |
| CVE-2014-2019 | The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an inte... | E | |
| CVE-2014-2020 | ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers ... | | |
| CVE-2014-2021 | Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5... | E | |
| CVE-2014-2022 | SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.... | E | |
| CVE-2014-2023 | Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.... | E | |
| CVE-2014-2024 | Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 befor... | E S | |
| CVE-2014-2025 | Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx P... | | |
| CVE-2014-2026 | Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Profes... | | |
| CVE-2014-2027 | eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, ... | S | |
| CVE-2014-2029 | The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-midd... | S | |
| CVE-2014-2030 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6... | S | |
| CVE-2014-2031 | Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.0... | | |
| CVE-2014-2032 | Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.0... | S | |
| CVE-2014-2033 | The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 thro... | | |
| CVE-2014-2034 | Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to crea... | | |
| CVE-2014-2035 | Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Ho... | | |
| CVE-2014-2037 | Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and I... | | |
| CVE-2014-2038 | The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a wr... | S | |
| CVE-2014-2039 | arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly h... | S | |
| CVE-2014-2040 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_rad... | E | |
| CVE-2014-2042 | Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive befo... | | |
| CVE-2014-2043 | SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1... | E | |
| CVE-2014-2044 | Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Window... | E | |
| CVE-2014-2045 | Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multic... | E | |
| CVE-2014-2046 | cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict... | E | |
| CVE-2014-2047 | Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session pa... | S | |
| CVE-2014-2048 | The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by lev... | | |
| CVE-2014-2049 | The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote... | S | |
| CVE-2014-2050 | Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.... | | |
| CVE-2014-2051 | ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP inje... | S | |
| CVE-2014-2052 | Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attac... | | |
| CVE-2014-2053 | getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remot... | | |
| CVE-2014-2054 | PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not dis... | | |
| CVE-2014-2055 | SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remo... | | |
| CVE-2014-2056 | PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to... | | |
| CVE-2014-2057 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers ... | | |
| CVE-2014-2058 | BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to byp... | S | |
| CVE-2014-2059 | Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenk... | S | |
| CVE-2014-2060 | The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attacker... | | |
| CVE-2014-2061 | The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allo... | S | |
| CVE-2014-2062 | Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted... | S | |
| CVE-2014-2063 | Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks ... | S | |
| CVE-2014-2064 | The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before... | S | |
| CVE-2014-2065 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remot... | S | |
| CVE-2014-2066 | Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attacker... | S | |
| CVE-2014-2067 | Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and... | | |
| CVE-2014-2068 | The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and L... | S | |
| CVE-2014-2069 | Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files... | | |
| CVE-2014-2071 | Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712... | | |
| CVE-2014-2072 | Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks... | E | |
| CVE-2014-2073 | Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute ... | E | |
| CVE-2014-2075 | TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce ... | | |
| CVE-2014-2077 | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before ... | | |
| CVE-2014-2078 | The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain ... | M | |
| CVE-2014-2079 | X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain ac... | S | |
| CVE-2014-2080 | Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution ... | E S | |
| CVE-2014-2081 | Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innova... | E | |
| CVE-2014-2084 | Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 ... | E | |
| CVE-2014-2085 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2084. Reason: This issue was... | R | |
| CVE-2014-2087 | Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.... | E | |
| CVE-2014-2088 | Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users... | E | |
| CVE-2014-2089 | ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that lead... | E | |
| CVE-2014-2090 | Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authent... | E | |
| CVE-2014-2091 | Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.... | E | |
| CVE-2014-2092 | Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made... | E | |
| CVE-2014-2093 | Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges... | | |
| CVE-2014-2094 | Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.... | | |
| CVE-2014-2095 | Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.... | | |
| CVE-2014-2096 | Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privil... | | |
| CVE-2014-2097 | The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly valida... | | |
| CVE-2014-2098 | libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain... | | |
| CVE-2014-2099 | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calcu... | | |
| CVE-2014-2102 | Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCM... | | |
| CVE-2014-2103 | Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of servic... | | |
| CVE-2014-2104 | Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) pa... | | |
| CVE-2014-2106 | Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a... | | |
| CVE-2014-2107 | Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE a... | | |
| CVE-2014-2108 | Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 b... | | |
| CVE-2014-2109 | The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows ... | | |
| CVE-2014-2111 | The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, whe... | | |
| CVE-2014-2112 | The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a d... | | |
| CVE-2014-2113 | Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, a... | | |
| CVE-2014-2114 | Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and ea... | | |
| CVE-2014-2115 | Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergenc... | | |
| CVE-2014-2116 | Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modif... | | |
| CVE-2014-2117 | Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remot... | | |
| CVE-2014-2118 | Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Pri... | | |
| CVE-2014-2119 | The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appl... | | |
| CVE-2014-2120 | Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Applian... | KEV | |
| CVE-2014-2121 | The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to caus... | | |
| CVE-2014-2122 | Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remo... | | |
| CVE-2014-2124 | Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 d... | | |
| CVE-2014-2125 | Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and e... | | |
| CVE-2014-2126 | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 befo... | | |
| CVE-2014-2127 | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 bef... | | |
| CVE-2014-2128 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, ... | | |
| CVE-2014-2129 | The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), ... | | |
| CVE-2014-2130 | Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface base... | | |
| CVE-2014-2131 | The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) ... | | |
| CVE-2014-2132 | Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before S... | | |
| CVE-2014-2133 | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before ... | | |
| CVE-2014-2134 | Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28... | | |
| CVE-2014-2135 | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before ... | | |
| CVE-2014-2136 | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before ... | | |
| CVE-2014-2137 | CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earl... | | |
| CVE-2014-2138 | CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows r... | | |
| CVE-2014-2139 | Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a den... | | |
| CVE-2014-2140 | Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a den... | | |
| CVE-2014-2141 | The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earl... | | |
| CVE-2014-2142 | Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a de... | | |
| CVE-2014-2143 | The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause... | | |
| CVE-2014-2144 | Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to ca... | | |
| CVE-2014-2145 | Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authe... | | |
| CVE-2014-2146 | The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, po... | | |
| CVE-2014-2147 | The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IF... | | |
| CVE-2014-2149 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2150 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2151 | The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows ... | | |
| CVE-2014-2152 | Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI... | | |
| CVE-2014-2153 | Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure al... | | |
| CVE-2014-2154 | Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows ... | | |
| CVE-2014-2155 | The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denia... | | |
| CVE-2014-2156 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denia... | | |
| CVE-2014-2157 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denia... | | |
| CVE-2014-2158 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denia... | | |
| CVE-2014-2159 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote att... | | |
| CVE-2014-2160 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote att... | | |
| CVE-2014-2161 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote att... | | |
| CVE-2014-2162 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all... | | |
| CVE-2014-2163 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remo... | | |
| CVE-2014-2164 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all... | | |
| CVE-2014-2165 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all... | | |
| CVE-2014-2166 | The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attac... | | |
| CVE-2014-2167 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 all... | | |
| CVE-2014-2168 | Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows rem... | | |
| CVE-2014-2169 | Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote... | | |
| CVE-2014-2170 | Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and... | | |
| CVE-2014-2171 | Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Sof... | | |
| CVE-2014-2172 | Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows loc... | | |
| CVE-2014-2173 | Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict acce... | | |
| CVE-2014-2174 | Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement acce... | | |
| CVE-2014-2175 | Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cau... | | |
| CVE-2014-2176 | Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows... | | |
| CVE-2014-2177 | The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, ... | S | |
| CVE-2014-2178 | Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV ... | S | |
| CVE-2014-2179 | The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.1... | S | |
| CVE-2014-2180 | The Document Management component in Cisco Unified Contact Center Express does not properly validate... | | |
| CVE-2014-2181 | Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by ... | | |
| CVE-2014-2182 | Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote at... | | |
| CVE-2014-2183 | The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticate... | | |
| CVE-2014-2184 | The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allow... | | |
| CVE-2014-2185 | The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified ... | | |
| CVE-2014-2186 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server ... | | |
| CVE-2014-2188 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0607. Reason: This candida... | R | |
| CVE-2014-2189 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2190 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Cente... | | |
| CVE-2014-2191 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for T... | | |
| CVE-2014-2192 | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) ... | | |
| CVE-2014-2193 | Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which a... | | |
| CVE-2014-2194 | system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remot... | | |
| CVE-2014-2195 | Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devi... | | |
| CVE-2014-2196 | Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimizati... | | |
| CVE-2014-2197 | The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in ... | | |
| CVE-2014-2198 | Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has ... | | |
| CVE-2014-2199 | meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training... | | |
| CVE-2014-2200 | Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are... | | |
| CVE-2014-2201 | The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6... | | |
| CVE-2014-2205 | The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allo... | E | |
| CVE-2014-2206 | Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier... | E | |
| CVE-2014-2208 | CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.... | | |
| CVE-2014-2209 | Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships wit... | | |
| CVE-2014-2210 | Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to ob... | S | |
| CVE-2014-2211 | SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0... | E S | |
| CVE-2014-2212 | The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1... | E | |
| CVE-2014-2213 | Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows rem... | E | |
| CVE-2014-2214 | Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 throug... | E | |
| CVE-2014-2215 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2216 | The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiG... | | |
| CVE-2014-2217 | Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI... | E | |
| CVE-2014-2219 | Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, p... | E | |
| CVE-2014-2223 | Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier ... | E | |
| CVE-2014-2224 | Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain co... | | |
| CVE-2014-2225 | Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller bef... | E | |
| CVE-2014-2226 | Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, whi... | | |
| CVE-2014-2227 | The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly A... | E | |
| CVE-2014-2228 | The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary ... | E | |
| CVE-2014-2230 | Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows... | E | |
| CVE-2014-2231 | Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remot... | | |
| CVE-2014-2232 | Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x bef... | | |
| CVE-2014-2233 | Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 an... | | |
| CVE-2014-2234 | A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TE... | E | |
| CVE-2014-2235 | Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject a... | E S | |
| CVE-2014-2236 | Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers t... | E S | |
| CVE-2014-2237 | The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through... | | |
| CVE-2014-2238 | SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2... | E S | |
| CVE-2014-2240 | Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2... | S | |
| CVE-2014-2241 | The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in Fre... | E S | |
| CVE-2014-2242 | includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.2... | S | |
| CVE-2014-2243 | includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.... | S | |
| CVE-2014-2244 | Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.ph... | S | |
| CVE-2014-2245 | SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remo... | | |
| CVE-2014-2246 | Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU... | S | |
| CVE-2014-2247 | The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allo... | S | |
| CVE-2014-2248 | Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices ... | S | |
| CVE-2014-2249 | Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firm... | S | |
| CVE-2014-2250 | The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does... | | |
| CVE-2014-2251 | The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 do... | S | |
| CVE-2014-2252 | Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d... | | |
| CVE-2014-2253 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a... | S | |
| CVE-2014-2254 | Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d... | | |
| CVE-2014-2255 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a... | S | |
| CVE-2014-2256 | Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d... | | |
| CVE-2014-2257 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a... | S | |
| CVE-2014-2258 | Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a d... | | |
| CVE-2014-2259 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a... | S | |
| CVE-2014-2260 | Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov A... | E S | |
| CVE-2014-2262 | Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.... | | |
| CVE-2014-2263 | The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c... | | |
| CVE-2014-2264 | The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root pass... | | |
| CVE-2014-2265 | Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection me... | S | |
| CVE-2014-2268 | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restri... | E | |
| CVE-2014-2269 | modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to re... | E S | |
| CVE-2014-2270 | softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of... | S | |
| CVE-2014-2271 | cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 d... | | |
| CVE-2014-2273 | The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and w... | E | |
| CVE-2014-2274 | Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before ... | E | |
| CVE-2014-2276 | The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before ... | | |
| CVE-2014-2277 | The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain... | | |
| CVE-2014-2278 | Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS)... | | |
| CVE-2014-2279 | Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 al... | | |
| CVE-2014-2280 | Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDM... | | |
| CVE-2014-2281 | The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wiresha... | E S | |
| CVE-2014-2282 | The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector ... | S | |
| CVE-2014-2283 | epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1... | E | |
| CVE-2014-2284 | The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5... | | |
| CVE-2014-2285 | The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earl... | | |
| CVE-2014-2286 | main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 1... | S | |
| CVE-2014-2287 | channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x ... | S | |
| CVE-2014-2288 | The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enab... | S | |
| CVE-2014-2289 | res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 a... | S | |
| CVE-2014-2291 | Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in J... | | |
| CVE-2014-2292 | Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access S... | | |
| CVE-2014-2293 | Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object inj... | | |
| CVE-2014-2294 | Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attack... | S | |
| CVE-2014-2296 | XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS serve... | | |
| CVE-2014-2297 | Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration p... | | |
| CVE-2014-2299 | Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x be... | E | |
| CVE-2014-2301 | OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operatio... | E | |
| CVE-2014-2302 | The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attac... | E | |
| CVE-2014-2303 | Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS b... | E | |
| CVE-2014-2304 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a den... | E | |
| CVE-2014-2309 | The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly ... | E S | |
| CVE-2014-2310 | The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (h... | | |
| CVE-2014-2311 | SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote a... | | |
| CVE-2014-2312 | The main function in android_main.cpp in thermald allows local users to write to arbitrary files via... | | |
| CVE-2014-2313 | Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remo... | | |
| CVE-2014-2314 | Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allow... | E | |
| CVE-2014-2315 | Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for... | E | |
| CVE-2014-2316 | SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for Wo... | | |
| CVE-2014-2317 | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to ... | S | |
| CVE-2014-2318 | SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL ... | E | |
| CVE-2014-2319 | The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even... | | |
| CVE-2014-2321 | web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative... | E | |
| CVE-2014-2322 | lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute ... | E | |
| CVE-2014-2323 | SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers t... | E S | |
| CVE-2014-2324 | Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd ... | E S | |
| CVE-2014-2325 | Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow re... | E S | |
| CVE-2014-2326 | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows rem... | E S | |
| CVE-2014-2327 | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote a... | | |
| CVE-2014-2328 | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execu... | S | |
| CVE-2014-2329 | Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2... | | |
| CVE-2014-2330 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1... | | |
| CVE-2014-2331 | Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python... | | |
| CVE-2014-2332 | Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitr... | | |
| CVE-2014-2333 | Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress a... | | |
| CVE-2014-2334 | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnaly... | | |
| CVE-2014-2335 | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManag... | | |
| CVE-2014-2336 | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManag... | | |
| CVE-2014-2338 | IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying ... | | |
| CVE-2014-2339 | Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier... | E | |
| CVE-2014-2340 | Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress all... | E | |
| CVE-2014-2341 | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessio... | E | |
| CVE-2014-2342 | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of... | | |
| CVE-2014-2343 | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cau... | | |
| CVE-2014-2344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2345 | COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DN... | | |
| CVE-2014-2346 | COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DN... | | |
| CVE-2014-2347 | Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authen... | | |
| CVE-2014-2349 | Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration fil... | | |
| CVE-2014-2350 | Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, wh... | | |
| CVE-2014-2351 | SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attac... | | |
| CVE-2014-2352 | Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arb... | | |
| CVE-2014-2353 | Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to i... | | |
| CVE-2014-2354 | Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for c... | | |
| CVE-2014-2355 | The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow ... | | |
| CVE-2014-2356 | Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot dow... | | |
| CVE-2014-2357 | The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before... | | |
| CVE-2014-2358 | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in th... | | |
| CVE-2014-2359 | OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information abo... | | |
| CVE-2014-2360 | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute... | | |
| CVE-2014-2361 | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not requi... | | |
| CVE-2014-2362 | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value ... | | |
| CVE-2014-2363 | Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote at... | | |
| CVE-2014-2364 | Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to ex... | E | |
| CVE-2014-2365 | Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to cre... | | |
| CVE-2014-2366 | upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover creden... | | |
| CVE-2014-2367 | The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAcce... | | |
| CVE-2014-2368 | The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows rem... | | |
| CVE-2014-2369 | Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12... | | |
| CVE-2014-2370 | Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and N... | | |
| CVE-2014-2373 | The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows rem... | S | |
| CVE-2014-2374 | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to d... | S | |
| CVE-2014-2375 | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remot... | S | |
| CVE-2014-2376 | SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.... | S | |
| CVE-2014-2377 | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remot... | | |
| CVE-2014-2378 | Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not ... | | |
| CVE-2014-2379 | Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not ... | | |
| CVE-2014-2380 | Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encrypti... | | |
| CVE-2014-2381 | Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encrypti... | | |
| CVE-2014-2382 | The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows loca... | E | |
| CVE-2014-2383 | dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attac... | S | |
| CVE-2014-2384 | vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Window... | | |
| CVE-2014-2385 | Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux bef... | E | |
| CVE-2014-2386 | Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a... | | |
| CVE-2014-2387 | Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities... | | |
| CVE-2014-2388 | The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 dev... | E | |
| CVE-2014-2389 | Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices ... | E | |
| CVE-2014-2390 | Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Secu... | | |
| CVE-2014-2391 | The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11,... | | |
| CVE-2014-2392 | The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1... | | |
| CVE-2014-2393 | Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2... | | |
| CVE-2014-2397 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote att... | | |
| CVE-2014-2398 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R2... | | |
| CVE-2014-2399 | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 al... | E | |
| CVE-2014-2400 | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 al... | | |
| CVE-2014-2401 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Em... | | |
| CVE-2014-2402 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote att... | | |
| CVE-2014-2403 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
| CVE-2014-2404 | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.... | | |
| CVE-2014-2405 | Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.0... | | |
| CVE-2014-2406 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, ... | | |
| CVE-2014-2407 | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1... | | |
| CVE-2014-2408 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, ... | | |
| CVE-2014-2409 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
| CVE-2014-2410 | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, int... | | |
| CVE-2014-2411 | Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Ora... | | |
| CVE-2014-2412 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51,... | | |
| CVE-2014-2413 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote att... | | |
| CVE-2014-2414 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
| CVE-2014-2415 | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1... | | |
| CVE-2014-2416 | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1... | | |
| CVE-2014-2417 | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1... | S | |
| CVE-2014-2418 | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1... | S | |
| CVE-2014-2419 | Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows re... | | |
| CVE-2014-2420 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
| CVE-2014-2421 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Em... | | |
| CVE-2014-2422 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers t... | | |
| CVE-2014-2423 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
| CVE-2014-2424 | Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.... | E | |
| CVE-2014-2425 | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 P... | | |
| CVE-2014-2426 | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 P... | | |
| CVE-2014-2427 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, al... | | |
| CVE-2014-2428 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows rem... | | |
| CVE-2014-2429 | Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle Pe... | | |
| CVE-2014-2430 | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows re... | | |
| CVE-2014-2431 | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows re... | | |
| CVE-2014-2432 | Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlie... | | |
| CVE-2014-2433 | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft... | | |
| CVE-2014-2434 | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated user... | | |
| CVE-2014-2435 | Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated user... | | |
| CVE-2014-2436 | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows re... | | |
| CVE-2014-2437 | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft... | | |
| CVE-2014-2438 | Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows re... | | |
| CVE-2014-2439 | Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualizati... | | |
| CVE-2014-2440 | Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.1... | S | |
| CVE-2014-2441 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
| CVE-2014-2442 | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated user... | | |
| CVE-2014-2443 | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft... | | |
| CVE-2014-2444 | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated user... | | |
| CVE-2014-2445 | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Product... | | |
| CVE-2014-2446 | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft... | | |
| CVE-2014-2447 | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft... | | |
| CVE-2014-2448 | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft... | | |
| CVE-2014-2449 | Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acquisition Manager component in ... | | |
| CVE-2014-2450 | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated user... | | |
| CVE-2014-2451 | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated user... | | |
| CVE-2014-2452 | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.... | | |
| CVE-2014-2453 | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.... | | |
| CVE-2014-2454 | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.... | | |
| CVE-2014-2455 | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.... | | |
| CVE-2014-2456 | Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component ... | | |
| CVE-2014-2457 | Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Pro... | | |
| CVE-2014-2458 | Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Pro... | | |
| CVE-2014-2459 | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P... | | |
| CVE-2014-2460 | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P... | | |
| CVE-2014-2461 | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P... | | |
| CVE-2014-2462 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2463 | Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualizati... | | |
| CVE-2014-2464 | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Product... | | |
| CVE-2014-2465 | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Product... | | |
| CVE-2014-2466 | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Product... | | |
| CVE-2014-2467 | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Product... | | |
| CVE-2014-2468 | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 ... | | |
| CVE-2014-2469 | Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of s... | | |
| CVE-2014-2470 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2... | | |
| CVE-2014-2471 | Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows r... | | |
| CVE-2014-2472 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0... | S | |
| CVE-2014-2473 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0... | S | |
| CVE-2014-2474 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0... | S | |
| CVE-2014-2475 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.6... | S | |
| CVE-2014-2476 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0... | S | |
| CVE-2014-2477 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | E | |
| CVE-2014-2478 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, ... | S | |
| CVE-2014-2479 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2... | | |
| CVE-2014-2480 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2... | | |
| CVE-2014-2481 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2... | | |
| CVE-2014-2482 | Unspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 1... | | |
| CVE-2014-2483 | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allo... | E S | |
| CVE-2014-2484 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows re... | | |
| CVE-2014-2485 | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 al... | | |
| CVE-2014-2486 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
| CVE-2014-2487 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
| CVE-2014-2488 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
| CVE-2014-2489 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ... | | |
| CVE-2014-2490 | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote a... | | |
| CVE-2014-2491 | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 ... | | |
| CVE-2014-2492 | Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain... | | |
| CVE-2014-2493 | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0,... | | |
| CVE-2014-2494 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows re... | | |
| CVE-2014-2495 | Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft... | | |
| CVE-2014-2496 | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft... | | |
| CVE-2014-2497 | The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows rem... | E S | |
| CVE-2014-2502 | Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) ... | | |
| CVE-2014-2503 | The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, ... | | |
| CVE-2014-2504 | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before... | | |
| CVE-2014-2505 | EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of ar... | | |
| CVE-2014-2506 | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before... | | |
| CVE-2014-2507 | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before... | | |
| CVE-2014-2508 | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before... | | |
| CVE-2014-2509 | Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Man... | | |
| CVE-2014-2510 | The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, ... | | |
| CVE-2014-2511 | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and ... | | |
| CVE-2014-2512 | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19,... | E | |
| CVE-2014-2513 | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before... | | |
| CVE-2014-2514 | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before... | | |
| CVE-2014-2515 | EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before ... | | |
| CVE-2014-2516 | Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote a... | | |
| CVE-2014-2517 | Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authentica... | | |
| CVE-2014-2518 | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 a... | | |
| CVE-2014-2519 | The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a f... | | |
| CVE-2014-2520 | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is use... | | |
| CVE-2014-2521 | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated ... | | |
| CVE-2014-2522 | curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS ba... | S | |
| CVE-2014-2523 | net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointe... | S | |
| CVE-2014-2524 | The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or... | S | |
| CVE-2014-2525 | Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allo... | E S | |
| CVE-2014-2526 | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attack... | E | |
| CVE-2014-2527 | kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allo... | E S | |
| CVE-2014-2528 | kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allo... | E S | |
| CVE-2014-2531 | SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control... | E | |
| CVE-2014-2532 | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, wh... | | |
| CVE-2014-2533 | /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges... | E | |
| CVE-2014-2534 | /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitiv... | E | |
| CVE-2014-2535 | Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2... | | |
| CVE-2014-2536 | Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud... | | |
| CVE-2014-2537 | Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cau... | S | |
| CVE-2014-2538 | Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Rub... | S | |
| CVE-2014-2540 | SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attacker... | E | |
| CVE-2014-2541 | The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and ... | | |
| CVE-2014-2542 | Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (... | | |
| CVE-2014-2543 | Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure ... | | |
| CVE-2014-2544 | Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authe... | | |
| CVE-2014-2545 | TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center befor... | | |
| CVE-2014-2550 | Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for Word... | E | |
| CVE-2014-2552 | Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not proper... | S | |
| CVE-2014-2553 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3... | | |
| CVE-2014-2554 | OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to con... | | |
| CVE-2014-2558 | The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows ... | E S | |
| CVE-2014-2559 | Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin befo... | E | |
| CVE-2014-2560 | The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authenticat... | | |
| CVE-2014-2565 | The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remot... | | |
| CVE-2014-2567 | The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita b... | | |
| CVE-2014-2568 | Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in ... | E S | |
| CVE-2014-2570 | Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows ... | E S | |
| CVE-2014-2571 | Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.... | | |
| CVE-2014-2572 | mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-serv... | | |
| CVE-2014-2573 | The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into... | | |
| CVE-2014-2575 | Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Contro... | E | |
| CVE-2014-2576 | plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or... | | |
| CVE-2014-2577 | Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Te... | E | |
| CVE-2014-2578 | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attacker... | | |
| CVE-2014-2579 | Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier all... | E | |
| CVE-2014-2580 | The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq c... | S | |
| CVE-2014-2581 | Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid opt... | S | |
| CVE-2014-2583 | Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linu... | E S | |
| CVE-2014-2585 | ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote au... | | |
| CVE-2014-2586 | Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO... | E | |
| CVE-2014-2587 | SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remot... | E | |
| CVE-2014-2588 | Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remot... | E | |
| CVE-2014-2589 | Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in S... | E | |
| CVE-2014-2590 | The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G... | | |
| CVE-2014-2591 | Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileg... | E | |
| CVE-2014-2592 | Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to exe... | | |
| CVE-2014-2593 | The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to ... | | |
| CVE-2014-2595 | Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication ... | E | |
| CVE-2014-2597 | PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled k... | | |
| CVE-2014-2598 | Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 ... | E S | |
| CVE-2014-2599 | The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for ... | S | |
| CVE-2014-2600 | Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.... | | |
| CVE-2014-2601 | The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cau... | S | |
| CVE-2014-2602 | Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privi... | | |
| CVE-2014-2603 | Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit w... | | |
| CVE-2014-2604 | Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote atta... | | |
| CVE-2014-2605 | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allo... | | |
| CVE-2014-2606 | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allo... | | |
| CVE-2014-2607 | Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows re... | | |
| CVE-2014-2608 | Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through ... | | |
| CVE-2014-2609 | The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentica... | | |
| CVE-2014-2610 | Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Execu... | | |
| CVE-2014-2611 | Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9... | | |
| CVE-2014-2612 | Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 o... | | |
| CVE-2014-2613 | Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 o... | | |
| CVE-2014-2614 | Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote ... | | |
| CVE-2014-2615 | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute ar... | | |
| CVE-2014-2616 | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute ar... | | |
| CVE-2014-2617 | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute ar... | | |
| CVE-2014-2618 | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch ... | | |
| CVE-2014-2619 | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch ... | | |
| CVE-2014-2620 | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch ... | | |
| CVE-2014-2621 | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch ... | | |
| CVE-2014-2622 | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch ... | | |
| CVE-2014-2623 | Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitr... | E | |
| CVE-2014-2624 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote att... | | |
| CVE-2014-2625 | Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (ak... | | |
| CVE-2014-2626 | Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (a... | | |
| CVE-2014-2627 | Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J... | | |
| CVE-2014-2628 | Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensit... | | |
| CVE-2014-2629 | HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 doe... | | |
| CVE-2014-2630 | Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to g... | | |
| CVE-2014-2631 | Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0... | | |
| CVE-2014-2632 | Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.... | | |
| CVE-2014-2633 | Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.... | | |
| CVE-2014-2634 | Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows r... | | |
| CVE-2014-2635 | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via... | | |
| CVE-2014-2636 | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via... | | |
| CVE-2014-2637 | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via... | | |
| CVE-2014-2638 | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via... | | |
| CVE-2014-2639 | Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local user... | S | |
| CVE-2014-2640 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows re... | | |
| CVE-2014-2641 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 al... | | |
| CVE-2014-2642 | HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attac... | | |
| CVE-2014-2643 | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated... | | |
| CVE-2014-2644 | Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remot... | | |
| CVE-2014-2645 | HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks ... | | |
| CVE-2014-2646 | Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intend... | | |
| CVE-2014-2647 | Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly O... | E | |
| CVE-2014-2648 | Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to ... | | |
| CVE-2014-2649 | Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute a... | | |
| CVE-2014-2650 | Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerab... | | |
| CVE-2014-2651 | Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the de... | | |
| CVE-2014-2652 | SQL injection vulnerability in OpenScape Deployment Service (DLS) before 6.x and 7.x before R1.11.3 ... | | |
| CVE-2014-2653 | The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote ... | E | |
| CVE-2014-2654 | Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated... | E | |
| CVE-2014-2655 | SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (a... | E S | |
| CVE-2014-2656 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
| CVE-2014-2657 | Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983... | | |
| CVE-2014-2658 | Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a... | | |
| CVE-2014-2659 | Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (B... | | |
| CVE-2014-2664 | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protect... | | |
| CVE-2014-2665 | includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.... | S | |
| CVE-2014-2667 | Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_o... | | |
| CVE-2014-2668 | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memor... | E | |
| CVE-2014-2669 | Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x be... | | |
| CVE-2014-2670 | Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8... | | |
| CVE-2014-2671 | Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of ser... | E | |
| CVE-2014-2672 | Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Lin... | S | |
| CVE-2014-2673 | The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/ke... | S | |
| CVE-2014-2674 | Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress al... | E | |
| CVE-2014-2675 | Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1... | E | |
| CVE-2014-2678 | The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users ... | S | |
| CVE-2014-2680 | The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a... | E | |
| CVE-2014-2681 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpen... | | |
| CVE-2014-2682 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpen... | | |
| CVE-2014-2683 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpen... | | |
| CVE-2014-2684 | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_C... | | |
| CVE-2014-2685 | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_C... | | |
| CVE-2014-2686 | Ansible prior to 1.5.4 mishandles the evaluation of some strings.... | | |
| CVE-2014-2689 | Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inj... | E | |
| CVE-2014-2690 | Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administr... | | |
| CVE-2014-2706 | Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers t... | E S | |
| CVE-2014-2707 | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary co... | | |
| CVE-2014-2708 | Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow... | S | |
| CVE-2014-2709 | lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary comman... | S | |
| CVE-2014-2710 | Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier ... | E | |
| CVE-2014-2711 | Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11... | | |
| CVE-2014-2712 | Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R... | | |
| CVE-2014-2713 | Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 ... | | |
| CVE-2014-2714 | The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12... | | |
| CVE-2014-2715 | Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the Video... | | |
| CVE-2014-2716 | Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.... | | |
| CVE-2014-2717 | Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe contro... | | |
| CVE-2014-2718 | ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possi... | E | |
| CVE-2014-2719 | Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, whe... | | |
| CVE-2014-2720 | IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but laun... | E | |
| CVE-2014-2721 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been ... | M | |
| CVE-2014-2722 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been ... | M | |
| CVE-2014-2723 | In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been ... | M | |
| CVE-2014-2727 | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.... | | |
| CVE-2014-2729 | Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows r... | E | |
| CVE-2014-2730 | The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, do... | | |
| CVE-2014-2731 | Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12... | | |
| CVE-2014-2732 | Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server b... | | |
| CVE-2014-2733 | Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interf... | | |
| CVE-2014-2734 | The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a fil... | E | |
| CVE-2014-2735 | WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a d... | | |
| CVE-2014-2736 | Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to ex... | | |
| CVE-2014-2737 | SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in web... | | |
| CVE-2014-2739 | The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.1... | E S | |
| CVE-2014-2741 | nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict th... | | |
| CVE-2014-2742 | Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, whi... | | |
| CVE-2014-2743 | plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the proce... | E S | |
| CVE-2014-2744 | plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 neg... | E S | |
| CVE-2014-2745 | Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which all... | | |
| CVE-2014-2746 | net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XM... | S | |
| CVE-2014-2748 | The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote att... | | |
| CVE-2014-2749 | The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, ... | | |
| CVE-2014-2750 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2744, CVE-2014-2745. Reaso... | R | |
| CVE-2014-2751 | SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attacker... | | |
| CVE-2014-2752 | SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it e... | | |
| CVE-2014-2753 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2754 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
| CVE-2014-2755 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2756 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2757 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2758 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2759 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2760 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2761 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2762 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2763 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2764 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2765 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2766 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2767 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a den... | | |
| CVE-2014-2768 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a... | | |
| CVE-2014-2769 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2770 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
| CVE-2014-2771 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2772 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2773 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a... | | |
| CVE-2014-2774 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2775 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2776 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2777 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script wit... | | |
| CVE-2014-2778 | Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrar... | | |
| CVE-2014-2779 | mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to ca... | S | |
| CVE-2014-2780 | DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window... | S | |
| CVE-2014-2781 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
| CVE-2014-2782 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2783 | Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which... | | |
| CVE-2014-2784 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2785 | Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of... | | |
| CVE-2014-2786 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2787 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2788 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a den... | | |
| CVE-2014-2789 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2790 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2791 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
| CVE-2014-2792 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2793 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2794 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a den... | | |
| CVE-2014-2795 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2796 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2797 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a... | | |
| CVE-2014-2798 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2799 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2800 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2801 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2802 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2803 | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2804 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2805 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2806 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2807 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2808 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2809 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2810 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2811 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2812 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2813 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2814 | Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows... | | |
| CVE-2014-2815 | Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote f... | S | |
| CVE-2014-2816 | Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remo... | | |
| CVE-2014-2817 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted we... | KEV S | |
| CVE-2014-2818 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2819 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we... | | |
| CVE-2014-2820 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2821 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den... | | |
| CVE-2014-2822 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2823 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
| CVE-2014-2824 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
| CVE-2014-2825 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
| CVE-2014-2826 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2827 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
| CVE-2014-2828 | The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 ... | | |
| CVE-2014-2829 | Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compre... | E S | |
| CVE-2014-2830 | Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cif... | | |
| CVE-2014-2838 | Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo... | E | |
| CVE-2014-2839 | SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr... | | |
| CVE-2014-2842 | Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and res... | | |
| CVE-2014-2843 | Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x b... | | |
| CVE-2014-2844 | Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 186... | E | |
| CVE-2014-2845 | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows ... | E | |
| CVE-2014-2846 | Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual applia... | E | |
| CVE-2014-2847 | SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arb... | E | |
| CVE-2014-2848 | A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows loc... | | |
| CVE-2014-2849 | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote ... | E | |
| CVE-2014-2850 | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows ... | E | |
| CVE-2014-2851 | Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.... | E S | |
| CVE-2014-2852 | OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote a... | | |
| CVE-2014-2853 | Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21... | | |
| CVE-2014-2854 | Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki a... | S | |
| CVE-2014-2855 | The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to ca... | | |
| CVE-2014-2856 | Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS)... | | |
| CVE-2014-2857 | The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 throug... | | |
| CVE-2014-2858 | Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.... | | |
| CVE-2014-2859 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended ac... | | |
| CVE-2014-2860 | Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x bef... | | |
| CVE-2014-2861 | Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows ... | | |
| CVE-2014-2862 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified s... | | |
| CVE-2014-2863 | Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before... | | |
| CVE-2014-2864 | Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0... | | |
| CVE-2014-2865 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended ac... | | |
| CVE-2014-2866 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access r... | | |
| CVE-2014-2867 | Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 all... | | |
| CVE-2014-2868 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of... | | |
| CVE-2014-2869 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive i... | | |
| CVE-2014-2870 | The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext f... | | |
| CVE-2014-2871 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering creden... | | |
| CVE-2014-2872 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially... | | |
| CVE-2014-2873 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to... | | |
| CVE-2014-2874 | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary ... | | |
| CVE-2014-2875 | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based ... | | |
| CVE-2014-2879 | Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earli... | E | |
| CVE-2014-2880 | Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.... | E | |
| CVE-2014-2881 | Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI J... | | |
| CVE-2014-2882 | Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller ... | | |
| CVE-2014-2884 | The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to byp... | | |
| CVE-2014-2885 | Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information v... | | |
| CVE-2014-2886 | GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper arg... | E | |
| CVE-2014-2887 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2014-2888 | lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute a... | E | |
| CVE-2014-2889 | Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel ... | | |
| CVE-2014-2890 | Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows... | E | |
| CVE-2014-2891 | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereferen... | | |
| CVE-2014-2892 | Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote... | E S | |
| CVE-2014-2893 | The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to ... | | |
| CVE-2014-2894 | Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.... | | |
| CVE-2014-2895 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2014-2896 | The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allo... | | |
| CVE-2014-2897 | The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length ... | | |
| CVE-2014-2898 | wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to... | | |
| CVE-2014-2899 | wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer deref... | | |
| CVE-2014-2900 | wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical exte... | | |
| CVE-2014-2901 | wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.... | | |
| CVE-2014-2902 | wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.... | S | |
| CVE-2014-2903 | CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to... | | |
| CVE-2014-2904 | wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authenticat... | S | |
| CVE-2014-2905 | fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows loca... | | |
| CVE-2014-2906 | The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary fi... | | |
| CVE-2014-2907 | The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10... | E | |
| CVE-2014-2908 | Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU... | E | |
| CVE-2014-2909 | CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x... | | |
| CVE-2014-2913 | Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlie... | E | |
| CVE-2014-2914 | fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka ... | | |
| CVE-2014-2915 | Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, whic... | | |
| CVE-2014-2916 | Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpLi... | E S | |
| CVE-2014-2921 | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4... | E S | |
| CVE-2014-2922 | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4... | E | |
| CVE-2014-2925 | Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other... | E | |
| CVE-2014-2926 | kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 a... | | |
| CVE-2014-2927 | The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 befor... | E | |
| CVE-2014-2928 | The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and... | E | |
| CVE-2014-2933 | Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to acc... | | |
| CVE-2014-2934 | Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary S... | E | |
| CVE-2014-2935 | costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute ar... | | |
| CVE-2014-2936 | The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks ... | E | |
| CVE-2014-2937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candida... | R | |
| CVE-2014-2938 | Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to mod... | | |
| CVE-2014-2939 | Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow rem... | | |
| CVE-2014-2940 | Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded c... | | |
| CVE-2014-2941 | Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attack... | | |
| CVE-2014-2942 | Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which make... | | |
| CVE-2014-2943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reaso... | R | |
| CVE-2014-2944 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2945 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-2946 | Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 o... | | |
| CVE-2014-2947 | Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote... | | |
| CVE-2014-2948 | SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote... | | |
| CVE-2014-2949 | SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows rem... | | |
| CVE-2014-2950 | Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions,... | | |
| CVE-2014-2951 | Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin a... | | |
| CVE-2014-2955 | Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and ... | | |
| CVE-2014-2956 | ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search too... | | |
| CVE-2014-2957 | The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, all... | S | |
| CVE-2014-2959 | logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and t... | | |
| CVE-2014-2960 | Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, ... | | |
| CVE-2014-2962 | Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router... | E S | |
| CVE-2014-2963 | Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal ... | | |
| CVE-2014-2964 | Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) pro... | | |
| CVE-2014-2965 | Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remo... | | |
| CVE-2014-2966 | The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations,... | S | |
| CVE-2014-2967 | Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via... | | |
| CVE-2014-2968 | Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem wit... | | |
| CVE-2014-2969 | NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpasswo... | | |
| CVE-2014-2970 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candida... | R | |
| CVE-2014-2971 | Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1... | | |
| CVE-2014-2972 | expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gai... | S | |
| CVE-2014-2973 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candida... | R | |
| CVE-2014-2974 | Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.... | | |
| CVE-2014-2975 | Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allo... | | |
| CVE-2014-2976 | Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read ar... | E | |
| CVE-2014-2977 | Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurfa... | | |
| CVE-2014-2978 | The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allo... | | |
| CVE-2014-2980 | Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not prope... | E S | |
| CVE-2014-2983 | Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different an... | S | |
| CVE-2014-2984 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candida... | R | |
| CVE-2014-2986 | The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch... | S | |
| CVE-2014-2987 | Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) befor... | E | |
| CVE-2014-2988 | EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20... | E | |
| CVE-2014-2989 | Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows rem... | E | |
| CVE-2014-2992 | The Misli.com application for Android does not verify X.509 certificates from SSL servers, which all... | | |
| CVE-2014-2993 | The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which a... | | |
| CVE-2014-2994 | Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remo... | E | |
| CVE-2014-2995 | Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.... | E | |
| CVE-2014-2996 | XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote aut... | E |