ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2014-3000 | The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before ... | | |
CVE-2014-3001 | The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when boo... | | |
CVE-2014-3003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-3004 | The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent ... | E | |
CVE-2014-3005 | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.... | E S | |
CVE-2014-3006 | Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version... | | |
CVE-2014-3007 | Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute ... | | |
CVE-2014-3008 | Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands vi... | E | |
CVE-2014-3009 | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0... | | |
CVE-2014-3010 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Reposit... | | |
CVE-2014-3011 | IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection atta... | | |
CVE-2014-3012 | Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5... | | |
CVE-2014-3013 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 ... | | |
CVE-2014-3014 | Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 a... | | |
CVE-2014-3015 | Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and W... | | |
CVE-2014-3018 | IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 a... | | |
CVE-2014-3019 | IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 a... | S | |
CVE-2014-3020 | install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integra... | | |
CVE-2014-3021 | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.... | | |
CVE-2014-3022 | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before... | | |
CVE-2014-3024 | Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 ... | | |
CVE-2014-3025 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8... | S | |
CVE-2014-3026 | CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5... | | |
CVE-2014-3031 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 4.2.0 before 4.2.0.0... | S | |
CVE-2014-3032 | Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7... | | |
CVE-2014-3033 | Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10... | | |
CVE-2014-3034 | Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iF... | | |
CVE-2014-3035 | Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1... | | |
CVE-2014-3036 | Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs,... | | |
CVE-2014-3037 | Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC... | S | |
CVE-2014-3038 | IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows ... | | |
CVE-2014-3040 | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5... | | |
CVE-2014-3041 | SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0... | | |
CVE-2014-3042 | IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT tra... | | |
CVE-2014-3043 | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain ... | | |
CVE-2014-3045 | IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrati... | | |
CVE-2014-3048 | Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users ... | | |
CVE-2014-3050 | IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integr... | | |
CVE-2014-3051 | The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Tra... | S | |
CVE-2014-3052 | The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 an... | | |
CVE-2014-3053 | The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmw... | | |
CVE-2014-3054 | Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Port... | | |
CVE-2014-3055 | SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and ... | | |
CVE-2014-3056 | The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows... | | |
CVE-2014-3057 | Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Po... | | |
CVE-2014-3058 | Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 an... | | |
CVE-2014-3059 | Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 applianc... | S | |
CVE-2014-3060 | Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers ... | S | |
CVE-2014-3061 | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4,... | | |
CVE-2014-3062 | Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to... | | |
CVE-2014-3063 | IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before ... | S | |
CVE-2014-3064 | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x bef... | | |
CVE-2014-3065 | Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before ... | | |
CVE-2014-3066 | IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files vi... | | |
CVE-2014-3068 | IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 b... | | |
CVE-2014-3069 | Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Progra... | S | |
CVE-2014-3070 | The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application ... | | |
CVE-2014-3071 | Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information S... | | |
CVE-2014-3072 | Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2,... | S | |
CVE-2014-3073 | Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Acce... | | |
CVE-2014-3074 | The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 roo... | | |
CVE-2014-3075 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 a... | S | |
CVE-2014-3076 | IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially s... | S | |
CVE-2014-3077 | IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 stor... | | |
CVE-2014-3079 | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4... | S | |
CVE-2014-3080 | Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager sw... | E | |
CVE-2014-3081 | prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.234... | E | |
CVE-2014-3083 | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x befor... | | |
CVE-2014-3084 | IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo A... | | |
CVE-2014-3085 | systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.2344... | E | |
CVE-2014-3086 | Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 befo... | | |
CVE-2014-3087 | callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Editio... | S | |
CVE-2014-3088 | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format use... | | |
CVE-2014-3089 | The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 an... | | |
CVE-2014-3090 | IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows r... | S | |
CVE-2014-3091 | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote a... | | |
CVE-2014-3092 | IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manag... | S | |
CVE-2014-3093 | IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2)... | | |
CVE-2014-3094 | Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5... | S | |
CVE-2014-3095 | The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and... | S | |
CVE-2014-3096 | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allo... | S | |
CVE-2014-3097 | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-T... | S | |
CVE-2014-3099 | Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allo... | | |
CVE-2014-3100 | Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore servi... | E | |
CVE-2014-3101 | The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0... | S | |
CVE-2014-3102 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.... | S | |
CVE-2014-3103 | The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 b... | S | |
CVE-2014-3104 | IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows ... | S | |
CVE-2014-3105 | The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.... | S | |
CVE-2014-3106 | IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does no... | S | |
CVE-2014-3110 | Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devic... | E | |
CVE-2014-3111 | Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authentica... | E | |
CVE-2014-3113 | Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to exec... | | |
CVE-2014-3114 | The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows r... | | |
CVE-2014-3115 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fort... | | |
CVE-2014-3119 | Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated use... | E S | |
CVE-2014-3120 | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote... | KEV E | |
CVE-2014-3121 | rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted r... | | |
CVE-2014-3122 | The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly c... | S | |
CVE-2014-3123 | Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugi... | E S | |
CVE-2014-3124 | The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cau... | S | |
CVE-2014-3125 | Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register,... | S | |
CVE-2014-3127 | dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without... | | |
CVE-2014-3129 | The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attacke... | | |
CVE-2014-3130 | The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP NetWeaver ABAP Applic... | | |
CVE-2014-3131 | SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users t... | | |
CVE-2014-3132 | SAP Background Processing does not properly restrict access, which allows remote authenticated users... | | |
CVE-2014-3133 | SAP NetWeaver Java Application Server does not properly restrict access, which allows remote attacke... | | |
CVE-2014-3134 | Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows r... | | |
CVE-2014-3135 | Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attacker... | | |
CVE-2014-3136 | Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.0... | | |
CVE-2014-3137 | Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit... | S | |
CVE-2014-3138 | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before H... | E | |
CVE-2014-3139 | recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass... | E | |
CVE-2014-3140 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-3144 | The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filte... | E S | |
CVE-2014-3145 | The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.... | E S | |
CVE-2014-3146 | Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote ... | E | |
CVE-2014-3147 | Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.... | | |
CVE-2014-3148 | Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows re... | E | |
CVE-2014-3149 | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x a... | S | |
CVE-2014-3150 | Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the ... | | |
CVE-2014-3152 | Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Goo... | | |
CVE-2014-3153 | The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that... | KEV E S | |
CVE-2014-3154 | Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc ... | | |
CVE-2014-3155 | net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows... | | |
CVE-2014-3156 | Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote ... | | |
CVE-2014-3157 | Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpe... | | |
CVE-2014-3158 | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4... | | |
CVE-2014-3159 | The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/... | | |
CVE-2014-3160 | The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Goog... | | |
CVE-2014-3161 | The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc... | | |
CVE-2014-3162 | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause ... | | |
CVE-2014-3164 | cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f32... | | |
CVE-2014-3165 | Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web S... | | |
CVE-2014-3166 | The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, ... | | |
CVE-2014-3167 | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause ... | | |
CVE-2014-3168 | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.... | | |
CVE-2014-3169 | Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as us... | | |
CVE-2014-3170 | extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0'... | | |
CVE-2014-3171 | Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.... | | |
CVE-2014-3172 | The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome befor... | | |
CVE-2014-3173 | The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls inter... | | |
CVE-2014-3174 | modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google... | | |
CVE-2014-3175 | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a... | | |
CVE-2014-3176 | Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the s... | | |
CVE-2014-3177 | Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the s... | | |
CVE-2014-3178 | Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.206... | | |
CVE-2014-3179 | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause ... | | |
CVE-2014-3180 | In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, ... | | |
CVE-2014-3181 | Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicm... | | |
CVE-2014-3182 | Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux ke... | | |
CVE-2014-3183 | Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c i... | | |
CVE-2014-3184 | The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physic... | | |
CVE-2014-3185 | Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat... | | |
CVE-2014-3186 | Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD H... | | |
CVE-2014-3187 | Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict pro... | | |
CVE-2014-3188 | Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the int... | | |
CVE-2014-3189 | The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome bef... | | |
CVE-2014-3190 | Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink,... | | |
CVE-2014-3191 | Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote ... | | |
CVE-2014-3192 | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/Pro... | | |
CVE-2014-3193 | The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome ... | | |
CVE-2014-3194 | Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101... | | |
CVE-2014-3195 | Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-me... | | |
CVE-2014-3196 | base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly ... | | |
CVE-2014-3197 | The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink,... | | |
CVE-2014-3198 | The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome ... | | |
CVE-2014-3199 | The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used ... | | |
CVE-2014-3200 | Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause ... | | |
CVE-2014-3201 | core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.... | | |
CVE-2014-3202 | Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate atta... | E | |
CVE-2014-3203 | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the ... | E | |
CVE-2014-3204 | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allo... | E | |
CVE-2014-3205 | backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$... | E | |
CVE-2014-3206 | Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter t... | E | |
CVE-2014-3207 | Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote a... | E S | |
CVE-2014-3208 | A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),... | | |
CVE-2014-3209 | The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, ... | | |
CVE-2014-3210 | SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plug... | E | |
CVE-2014-3211 | Publify before 8.0.1 is vulnerable to a Denial of Service attack... | S | |
CVE-2014-3214 | The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, all... | | |
CVE-2014-3215 | seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in ... | | |
CVE-2014-3216 | GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash... | E | |
CVE-2014-3219 | fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fi... | S | |
CVE-2014-3220 | F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the pas... | E | |
CVE-2014-3221 | Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to lo... | | |
CVE-2014-3222 | In Huawei eSpace Meeting with software V100R001C03SPC201 and earlier versions, attackers that ob... | | |
CVE-2014-3223 | Huawei S9300 with software before V100R006SPH013 and S2300, S3300, S5300, S6300 with software before V1... | M | |
CVE-2014-3224 | Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SP... | | |
CVE-2014-3225 | Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows rem... | E | |
CVE-2014-3227 | dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be complian... | | |
CVE-2014-3230 | The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL a... | E S | |
CVE-2014-3242 | SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an exter... | E | |
CVE-2014-3243 | SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attack... | E | |
CVE-2014-3244 | XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows r... | E | |
CVE-2014-3246 | SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary... | E | |
CVE-2014-3247 | Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inje... | E | |
CVE-2014-3248 | Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and ... | E | |
CVE-2014-3249 | Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vec... | | |
CVE-2014-3250 | The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationChec... | S | |
CVE-2014-3251 | The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and MCollective befor... | | |
CVE-2014-3260 | Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data strea... | | |
CVE-2014-3261 | Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisc... | | |
CVE-2014-3262 | The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS X... | | |
CVE-2014-3263 | The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (devi... | | |
CVE-2014-3264 | Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated use... | | |
CVE-2014-3265 | Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Secu... | | |
CVE-2014-3266 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earl... | | |
CVE-2014-3267 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 a... | | |
CVE-2014-3268 | Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause ... | | |
CVE-2014-3269 | The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service ... | | |
CVE-2014-3270 | The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (proc... | | |
CVE-2014-3271 | The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (devi... | | |
CVE-2014-3272 | The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privi... | | |
CVE-2014-3273 | The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device re... | | |
CVE-2014-3274 | Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS session... | | |
CVE-2014-3275 | SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patc... | | |
CVE-2014-3276 | Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock c... | | |
CVE-2014-3277 | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (... | | |
CVE-2014-3278 | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly imp... | | |
CVE-2014-3279 | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (... | | |
CVE-2014-3280 | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier d... | | |
CVE-2014-3281 | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly imp... | | |
CVE-2014-3282 | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (... | | |
CVE-2014-3283 | Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in ... | | |
CVE-2014-3284 | Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause... | | |
CVE-2014-3285 | Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is en... | | |
CVE-2014-3286 | The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply mess... | | |
CVE-2014-3287 | SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unifie... | | |
CVE-2014-3289 | Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Ema... | E | |
CVE-2014-3290 | The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, ... | | |
CVE-2014-3291 | Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NUL... | | |
CVE-2014-3292 | The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified... | | |
CVE-2014-3293 | Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet proc... | | |
CVE-2014-3294 | Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authe... | | |
CVE-2014-3295 | The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authent... | | |
CVE-2014-3296 | The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows... | | |
CVE-2014-3297 | Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content ... | | |
CVE-2014-3298 | Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in... | | |
CVE-2014-3299 | Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malform... | | |
CVE-2014-3300 | The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unif... | | |
CVE-2014-3301 | The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows re... | | |
CVE-2014-3302 | user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the toke... | | |
CVE-2014-3303 | The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query str... | | |
CVE-2014-3304 | The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user acc... | | |
CVE-2014-3305 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server ... | | |
CVE-2014-3306 | The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and ... | | |
CVE-2014-3307 | The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows ... | | |
CVE-2014-3308 | Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows rem... | | |
CVE-2014-3309 | The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group com... | | |
CVE-2014-3310 | The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting ... | | |
CVE-2014-3311 | Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meeti... | | |
CVE-2014-3312 | The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perfo... | | |
CVE-2014-3313 | Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 an... | | |
CVE-2014-3314 | Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote att... | | |
CVE-2014-3315 | Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) ... | | |
CVE-2014-3316 | The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications ... | | |
CVE-2014-3317 | Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) compo... | | |
CVE-2014-3318 | Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) com... | | |
CVE-2014-3319 | Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communica... | | |
CVE-2014-3320 | Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unif... | | |
CVE-2014-3321 | Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routin... | | |
CVE-2014-3322 | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of I... | | |
CVE-2014-3323 | Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authentic... | | |
CVE-2014-3324 | Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web inte... | | |
CVE-2014-3325 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) all... | | |
CVE-2014-3326 | SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote... | | |
CVE-2014-3327 | The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4... | | |
CVE-2014-3328 | The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to caus... | | |
CVE-2014-3329 | Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Netw... | | |
CVE-2014-3330 | Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks f... | | |
CVE-2014-3331 | The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Soft... | | |
CVE-2014-3332 | Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions sett... | | |
CVE-2014-3333 | The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain p... | | |
CVE-2014-3334 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-3335 | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of p... | | |
CVE-2014-3336 | SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows... | | |
CVE-2014-3337 | The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remot... | | |
CVE-2014-3338 | The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is e... | | |
CVE-2014-3339 | Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communic... | | |
CVE-2014-3340 | Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNo... | | |
CVE-2014-3341 | The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides diffe... | | |
CVE-2014-3342 | The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspec... | | |
CVE-2014-3343 | Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a ma... | | |
CVE-2014-3344 | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway ... | | |
CVE-2014-3345 | The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway In... | | |
CVE-2014-3346 | The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway In... | | |
CVE-2014-3347 | Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows... | | |
CVE-2014-3348 | The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing... | | |
CVE-2014-3349 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during ... | | |
CVE-2014-3350 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redi... | | |
CVE-2014-3351 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a... | | |
CVE-2014-3352 | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not prop... | | |
CVE-2014-3353 | Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attac... | | |
CVE-2014-3354 | Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE... | | |
CVE-2014-3355 | The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS a... | | |
CVE-2014-3356 | The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS a... | | |
CVE-2014-3357 | Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.... | | |
CVE-2014-3358 | Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO befor... | | |
CVE-2014-3359 | Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.... | | |
CVE-2014-3360 | Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and ... | | |
CVE-2014-3361 | The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows... | | |
CVE-2014-3362 | Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote a... | | |
CVE-2014-3363 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manage... | | |
CVE-2014-3364 | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Man... | | |
CVE-2014-3365 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2)... | | |
CVE-2014-3366 | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Mana... | | |
CVE-2014-3367 | Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V Inter... | | |
CVE-2014-3368 | Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote... | | |
CVE-2014-3369 | The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Soft... | | |
CVE-2014-3370 | Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remo... | | |
CVE-2014-3371 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-3372 | Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Ci... | | |
CVE-2014-3373 | Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in t... | | |
CVE-2014-3374 | Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisc... | | |
CVE-2014-3375 | Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Ci... | | |
CVE-2014-3376 | Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) v... | | |
CVE-2014-3377 | snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service... | | |
CVE-2014-3378 | tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (proces... | | |
CVE-2014-3379 | Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to c... | | |
CVE-2014-3380 | Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote atta... | | |
CVE-2014-3381 | The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ES... | | |
CVE-2014-3382 | The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 ... | | |
CVE-2014-3383 | The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote ... | | |
CVE-2014-3384 | The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 befor... | | |
CVE-2014-3385 | Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software... | | |
CVE-2014-3386 | The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 ... | | |
CVE-2014-3387 | The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 b... | | |
CVE-2014-3388 | The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 b... | | |
CVE-2014-3389 | The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before ... | | |
CVE-2014-3390 | The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before ... | | |
CVE-2014-3391 | Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7... | | |
CVE-2014-3392 | The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 ... | | |
CVE-2014-3393 | The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.... | | |
CVE-2014-3394 | The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(... | | |
CVE-2014-3395 | Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary f... | | |
CVE-2014-3396 | Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range ... | | |
CVE-2014-3397 | The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cau... | | |
CVE-2014-3398 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attacke... | | |
CVE-2014-3399 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier... | | |
CVE-2014-3400 | Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by rea... | | |
CVE-2014-3402 | The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7... | | |
CVE-2014-3403 | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate c... | | |
CVE-2014-3404 | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate c... | | |
CVE-2014-3405 | Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both th... | | |
CVE-2014-3406 | Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E... | | |
CVE-2014-3407 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier d... | | |
CVE-2014-3408 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remot... | | |
CVE-2014-3409 | The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and ear... | | |
CVE-2014-3410 | The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote at... | | |
CVE-2014-3411 | Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attack... | | |
CVE-2014-3412 | Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall is disabled, all... | | |
CVE-2014-3413 | The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a h... | | |
CVE-2014-3414 | Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to... | E | |
CVE-2014-3415 | SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute a... | E | |
CVE-2014-3416 | uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenti... | S | |
CVE-2014-3417 | uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authentic... | S | |
CVE-2014-3418 | config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitr... | E | |
CVE-2014-3419 | Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, ... | E | |
CVE-2014-3421 | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files ... | | |
CVE-2014-3422 | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary f... | | |
CVE-2014-3423 | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files... | | |
CVE-2014-3424 | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files v... | | |
CVE-2014-3425 | NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage... | | |
CVE-2014-3426 | NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outa... | | |
CVE-2014-3427 | CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers ... | E | |
CVE-2014-3428 | Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remot... | E | |
CVE-2014-3429 | IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, whi... | S | |
CVE-2014-3430 | Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly... | S | |
CVE-2014-3431 | Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X use... | | |
CVE-2014-3432 | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and ... | | |
CVE-2014-3433 | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and ... | | |
CVE-2014-3434 | Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x be... | E | |
CVE-2014-3435 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-3436 | Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x... | | |
CVE-2014-3437 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote ... | E | |
CVE-2014-3438 | Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoin... | E | |
CVE-2014-3439 | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attacker... | E | |
CVE-2014-3440 | The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5... | | |
CVE-2014-3441 | codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial... | E | |
CVE-2014-3442 | Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and... | E | |
CVE-2014-3443 | JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash... | E | |
CVE-2014-3444 | The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remo... | E | |
CVE-2014-3445 | backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext pas... | E | |
CVE-2014-3446 | SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0... | | |
CVE-2014-3447 | BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerability... | | |
CVE-2014-3448 | BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file... | E | |
CVE-2014-3449 | BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability... | E | |
CVE-2014-3450 | Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, I... | | |
CVE-2014-3451 | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to ... | | |
CVE-2014-3452 | Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a... | E | |
CVE-2014-3453 | Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc i... | E | |
CVE-2014-3454 | Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms exten... | S | |
CVE-2014-3455 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemp... | S | |
CVE-2014-3456 | Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows... | | |
CVE-2014-3459 | Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remot... | | |
CVE-2014-3460 | Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Age... | | |
CVE-2014-3461 | hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data... | | |
CVE-2014-3462 | The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensiti... | | |
CVE-2014-3463 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-3464 | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Applicatio... | | |
CVE-2014-3465 | The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x befo... | | |
CVE-2014-3466 | Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25,... | E S | |
CVE-2014-3467 | Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTL... | S | |
CVE-2014-3468 | The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a ne... | S | |
CVE-2014-3469 | The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows con... | S | |
CVE-2014-3470 | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.... | S | |
CVE-2014-3471 | Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS use... | S | |
CVE-2014-3472 | The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in ... | | |
CVE-2014-3473 | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestra... | S | |
CVE-2014-3474 | Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the La... | E S | |
CVE-2014-3475 | Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (H... | S | |
CVE-2014-3476 | OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does n... | E S | |
CVE-2014-3477 | The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an ... | S | |
CVE-2014-3478 | Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo... | E S | |
CVE-2014-3479 | The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component... | S | |
CVE-2014-3480 | The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP ... | S | |
CVE-2014-3481 | org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Plat... | | |
CVE-2014-3482 | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter... | | |
CVE-2014-3483 | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting... | | |
CVE-2014-3484 | Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl lib... | S | |
CVE-2014-3485 | The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4,... | | |
CVE-2014-3486 | The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/M... | | |
CVE-2014-3487 | The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP be... | S | |
CVE-2014-3488 | The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite ... | E S | |
CVE-2014-3489 | lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a ha... | | |
CVE-2014-3490 | RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Applicatio... | S | |
CVE-2014-3491 | Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remot... | E S | |
CVE-2014-3492 | Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 an... | E S | |
CVE-2014-3493 | The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before ... | | |
CVE-2014-3494 | kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not prope... | E S | |
CVE-2014-3495 | duplicity 0.6.24 has improper verification of SSL certificates... | E | |
CVE-2014-3496 | cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attacke... | | |
CVE-2014-3497 | Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote atta... | | |
CVE-2014-3498 | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary comma... | S | |
CVE-2014-3499 | Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allo... | | |
CVE-2014-3500 | Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted i... | | |
CVE-2014-3501 | Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect... | | |
CVE-2014-3502 | Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary appli... | | |
CVE-2014-3503 | Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easi... | | |
CVE-2014-3504 | The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions... | | |
CVE-2014-3505 | Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1... | | |
CVE-2014-3506 | d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1... | | |
CVE-2014-3507 | Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.... | | |
CVE-2014-3508 | The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1... | | |
CVE-2014-3509 | Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.... | | |
CVE-2014-3510 | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 befor... | | |
CVE-2014-3511 | The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-m... | | |
CVE-2014-3512 | Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before ... | | |
CVE-2014-3513 | Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote att... | S | |
CVE-2014-3514 | activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x bef... | | |
CVE-2014-3515 | The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain ... | S | |
CVE-2014-3516 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3517 | api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Jun... | S | |
CVE-2014-3518 | jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) ... | | |
CVE-2014-3519 | The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Li... | S | |
CVE-2014-3520 | OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows... | E S | |
CVE-2014-3521 | The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote... | | |
CVE-2014-3522 | The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 doe... | S | |
CVE-2014-3523 | Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache ... | S | |
CVE-2014-3524 | Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly ha... | | |
CVE-2014-3525 | Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x be... | | |
CVE-2014-3526 | Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers... | | |
CVE-2014-3527 | When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Ser... | | |
CVE-2014-3528 | Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the ... | | |
CVE-2014-3529 | The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an... | | |
CVE-2014-3530 | The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used ... | | |
CVE-2014-3531 | Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticat... | S | |
CVE-2014-3532 | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows l... | S | |
CVE-2014-3533 | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (dis... | | |
CVE-2014-3534 | arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly r... | S | |
CVE-2014-3535 | include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_print... | E | |
CVE-2014-3536 | CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during re... | | |
CVE-2014-3537 | The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files vi... | | |
CVE-2014-3538 | file before 5.19 does not properly restrict the amount of data read during a regex search, which all... | E S | |
CVE-2014-3539 | base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitr... | | |
CVE-2014-3540 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candida... | R | |
CVE-2014-3541 | The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ... | S | |
CVE-2014-3542 | mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before ... | S | |
CVE-2014-3543 | mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x befo... | S | |
CVE-2014-3544 | Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before ... | E S | |
CVE-2014-3545 | Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before... | S | |
CVE-2014-3546 | Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before... | S | |
CVE-2014-3547 | Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.... | S | |
CVE-2014-3548 | Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2... | S | |
CVE-2014-3549 | Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_l... | S | |
CVE-2014-3550 | Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle ... | S | |
CVE-2014-3551 | Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle... | S | |
CVE-2014-3552 | The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x be... | S | |
CVE-2014-3553 | mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2... | S | |
CVE-2014-3554 | Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a ... | S | |
CVE-2014-3555 | OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote auth... | | |
CVE-2014-3556 | The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6... | S | |
CVE-2014-3557 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3558 | ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before... | | |
CVE-2014-3559 | The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots wh... | | |
CVE-2014-3560 | NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remo... | | |
CVE-2014-3561 | The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL databas... | | |
CVE-2014-3562 | Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attack... | | |
CVE-2014-3563 | Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to h... | S | |
CVE-2014-3564 | Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) en... | S | |
CVE-2014-3565 | snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to... | E S | |
CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CB... | S | |
CVE-2014-3567 | Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1... | | |
CVE-2014-3568 | OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the n... | | |
CVE-2014-3569 | The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not pr... | | |
CVE-2014-3570 | The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k do... | | |
CVE-2014-3571 | OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to caus... | | |
CVE-2014-3572 | The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and ... | | |
CVE-2014-3573 | The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, ... | | |
CVE-2014-3574 | Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of s... | S | |
CVE-2014-3575 | The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow re... | | |
CVE-2014-3576 | The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11... | S | |
CVE-2014-3577 | org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpA... | E | |
CVE-2014-3578 | Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 ... | | |
CVE-2014-3579 | XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote con... | | |
CVE-2014-3580 | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1... | S | |
CVE-2014-3581 | The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Ap... | S | |
CVE-2014-3582 | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari... | | |
CVE-2014-3583 | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Serv... | | |
CVE-2014-3584 | The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allo... | | |
CVE-2014-3585 | redhat-upgrade-tool: Does not check GPG signatures when upgrading versions... | | |
CVE-2014-3586 | The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform ... | | |
CVE-2014-3587 | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in th... | E S | |
CVE-2014-3588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3589 | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.... | S | |
CVE-2014-3590 | Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in t... | | |
CVE-2014-3591 | Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal de... | S | |
CVE-2014-3592 | OpenShift Origin: Improperly validated team names could allow stored XSS attacks... | E | |
CVE-2014-3593 | Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissio... | | |
CVE-2014-3594 | Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Ho... | E S | |
CVE-2014-3595 | Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk an... | S | |
CVE-2014-3596 | The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname ... | S | |
CVE-2014-3597 | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and... | | |
CVE-2014-3598 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of ser... | | |
CVE-2014-3599 | HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy... | S | |
CVE-2014-3600 | XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers... | | |
CVE-2014-3601 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculate... | E S | |
CVE-2014-3602 | Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number info... | | |
CVE-2014-3603 | The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider ... | E | |
CVE-2014-3604 | Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server host... | S | |
CVE-2014-3605 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate... | R | |
CVE-2014-3606 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3607 | DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server host... | S | |
CVE-2014-3608 | The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to b... | E | |
CVE-2014-3609 | HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a... | | |
CVE-2014-3610 | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not ... | E S | |
CVE-2014-3611 | Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem ... | S | |
CVE-2014-3612 | The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Ap... | | |
CVE-2014-3613 | cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which a... | S | |
CVE-2014-3614 | Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote ... | S | |
CVE-2014-3615 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a hi... | S | |
CVE-2014-3616 | nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key fo... | | |
CVE-2014-3617 | The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x bef... | | |
CVE-2014-3618 | Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause... | E | |
CVE-2014-3619 | The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial... | | |
CVE-2014-3620 | cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cooki... | S | |
CVE-2014-3621 | The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.... | E S | |
CVE-2014-3622 | Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x ... | E S | |
CVE-2014-3623 | Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x... | | |
CVE-2014-3624 | Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by le... | S | |
CVE-2014-3625 | Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0... | | |
CVE-2014-3626 | The Grails Resource Plugin often has to exchange URIs for resources with other internal components. ... | | |
CVE-2014-3627 | The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using... | | |
CVE-2014-3628 | Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x befo... | | |
CVE-2014-3629 | XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote... | | |
CVE-2014-3630 | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.... | M | |
CVE-2014-3631 | The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linu... | E | |
CVE-2014-3632 | The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2... | | |
CVE-2014-3633 | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has... | | |
CVE-2014-3634 | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to ca... | E S | |
CVE-2014-3635 | Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on ... | S | |
CVE-2014-3636 | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a den... | S | |
CVE-2014-3637 | D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections f... | S | |
CVE-2014-3638 | The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before ... | S | |
CVE-2014-3639 | The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connection... | S | |
CVE-2014-3640 | The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of se... | S | |
CVE-2014-3641 | The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote auth... | | |
CVE-2014-3642 | vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engi... | | |
CVE-2014-3643 | jersey: XXE via parameter entities not disabled by the jersey SAX parser... | | |
CVE-2014-3644 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3645 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handle... | S | |
CVE-2014-3646 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit han... | S | |
CVE-2014-3647 | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly per... | S | |
CVE-2014-3648 | The simplepush server iterates through the application installations and pushes a notification to th... | | |
CVE-2014-3649 | JBoss AeroGear has reflected XSS via the password field... | | |
CVE-2014-3650 | Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain ... | | |
CVE-2014-3651 | JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource con... | | |
CVE-2014-3652 | JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.... | S | |
CVE-2014-3653 | Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 al... | E | |
CVE-2014-3654 | Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat... | S | |
CVE-2014-3655 | JBoss KeyCloak is vulnerable to soft token deletion via CSRF... | | |
CVE-2014-3656 | JBoss KeyCloak: XSS in login-status-iframe.html... | | |
CVE-2014-3657 | The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up t... | | |
CVE-2014-3658 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3659 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candida... | R | |
CVE-2014-3660 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substit... | S | |
CVE-2014-3661 | Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (th... | | |
CVE-2014-3662 | Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vect... | | |
CVE-2014-3663 | Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE... | | |
CVE-2014-3664 | Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authe... | | |
CVE-2014-3665 | Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master... | | |
CVE-2014-3666 | Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a ... | | |
CVE-2014-3667 | Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which ... | | |
CVE-2014-3668 | Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc... | E S | |
CVE-2014-3669 | Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.... | E S | |
CVE-2014-3670 | The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before ... | E S | |
CVE-2014-3671 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-20... | R | |
CVE-2014-3672 | The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denia... | | |
CVE-2014-3673 | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial... | E S | |
CVE-2014-3674 | Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows rem... | | |
CVE-2014-3675 | Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 ... | S | |
CVE-2014-3676 | Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted I... | E | |
CVE-2014-3677 | Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK ... | S | |
CVE-2014-3678 | Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows r... | | |
CVE-2014-3679 | The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive informat... | | |
CVE-2014-3680 | Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ perm... | | |
CVE-2014-3681 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remot... | | |
CVE-2014-3682 | XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/reso... | | |
CVE-2014-3683 | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows re... | E S | |
CVE-2014-3684 | The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TO... | | |
CVE-2014-3685 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-3686 | wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa... | | |
CVE-2014-3687 | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the ... | E S | |
CVE-2014-3688 | The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial ... | E | |
CVE-2014-3689 | The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu me... | | |
CVE-2014-3690 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does n... | S | |
CVE-2014-3691 | Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does ... | S | |
CVE-2014-3692 | The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default pas... | | |
CVE-2014-3693 | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7... | S | |
CVE-2014-3694 | The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pid... | S | |
CVE-2014-3695 | markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to ... | S | |
CVE-2014-3696 | nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remot... | S | |
CVE-2014-3697 | Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before ... | S | |
CVE-2014-3698 | The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin bef... | S | |
CVE-2014-3699 | eDeploy has RCE via cPickle deserialization of untrusted data... | E | |
CVE-2014-3700 | eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data... | E | |
CVE-2014-3701 | eDeploy has tmp file race condition flaws... | | |
CVE-2014-3702 | Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary di... | | |
CVE-2014-3703 | OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not p... | | |
CVE-2014-3704 | The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not... | E S | |
CVE-2014-3705 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3706 | ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by lever... | | |
CVE-2014-3707 | The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COP... | | |
CVE-2014-3708 | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated us... | E S | |
CVE-2014-3709 | The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Fi... | E | |
CVE-2014-3710 | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.... | S | |
CVE-2014-3711 | namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory e... | S | |
CVE-2014-3712 | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode p... | E | |
CVE-2014-3714 | The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which all... | S | |
CVE-2014-3715 | Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (... | S | |
CVE-2014-3716 | Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (... | S | |
CVE-2014-3717 | Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows loc... | S | |
CVE-2014-3718 | Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Int... | E | |
CVE-2014-3719 | Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated li... | E | |
CVE-2014-3730 | The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before ... | S | |
CVE-2014-3735 | ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service ... | E | |
CVE-2014-3737 | Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite b... | | |
CVE-2014-3738 | Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary... | E | |
CVE-2014-3739 | Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows re... | E | |
CVE-2014-3740 | Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated ... | E | |
CVE-2014-3741 | The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js ... | S | |
CVE-2014-3742 | The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause ... | | |
CVE-2014-3743 | Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js al... | | |
CVE-2014-3744 | Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers ... | | |
CVE-2014-3749 | SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary ... | E | |
CVE-2014-3750 | The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 cer... | E | |
CVE-2014-3752 | The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with ... | | |
CVE-2014-3753 | AgileBits 1Password through 1.0.9.340 allows security feature bypass... | E | |
CVE-2014-3755 | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to c... | E | |
CVE-2014-3756 | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external ... | | |
CVE-2014-3757 | SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier fo... | E | |
CVE-2014-3758 | Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for ... | | |
CVE-2014-3759 | Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TY... | | |
CVE-2014-3760 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 a... | E | |
CVE-2014-3761 | Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attac... | E | |
CVE-2014-3764 | Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto N... | | |
CVE-2014-3771 | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file p... | E S | |
CVE-2014-3772 | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.... | E S | |
CVE-2014-3773 | Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute a... | E S | |
CVE-2014-3774 | Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow rem... | E S | |
CVE-2014-3775 | libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows rem... | | |
CVE-2014-3776 | Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and d... | | |
CVE-2014-3777 | Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attacker... | | |
CVE-2014-3778 | Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motor... | E | |
CVE-2014-3779 | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 52... | E | |
CVE-2014-3780 | Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows re... | | |
CVE-2014-3781 | The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote a... | E | |
CVE-2014-3782 | Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media ... | | |
CVE-2014-3783 | SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authentic... | | |
CVE-2014-3786 | Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php... | E | |
CVE-2014-3787 | SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administra... | | |
CVE-2014-3788 | Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5... | S | |
CVE-2014-3789 | GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers t... | S | |
CVE-2014-3790 | Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to e... | | |
CVE-2014-3791 | Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to exe... | E | |
CVE-2014-3792 | Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_ret... | E | |
CVE-2014-3793 | VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion... | | |
CVE-2014-3794 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-3795 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2014-3796 | VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 be... | S | |
CVE-2014-3797 | Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update... | | |
CVE-2014-3798 | The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a d... | S | |
CVE-2014-3799 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-3800 | XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users t... | | |
CVE-2014-3801 | OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a... | | |
CVE-2014-3802 | msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio b... | | |
CVE-2014-3803 | The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attac... | E | |
CVE-2014-3804 | The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbi... | E | |
CVE-2014-3805 | The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbi... | E | |
CVE-2014-3806 | Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 ... | E | |
CVE-2014-3807 | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers t... | E | |
CVE-2014-3808 | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote atta... | E | |
CVE-2014-3809 | Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic... | E | |
CVE-2014-3810 | SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allow... | E | |
CVE-2014-3811 | Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.... | | |
CVE-2014-3812 | The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x bef... | | |
CVE-2014-3813 | Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6... | | |
CVE-2014-3814 | The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use ... | | |
CVE-2014-3815 | Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows... | | |
CVE-2014-3816 | Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 1... | | |
CVE-2014-3817 | Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 b... | | |
CVE-2014-3818 | Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 befor... | | |
CVE-2014-3819 | Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 1... | | |
CVE-2014-3820 | Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Se... | | |
CVE-2014-3821 | Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 b... | | |
CVE-2014-3822 | Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.... | | |
CVE-2014-3823 | The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 be... | | |
CVE-2014-3824 | Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access ... | | |
CVE-2014-3825 | The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X4... | | |
CVE-2014-3826 | Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to ... | | |
CVE-2014-3827 | Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 a... | | |
CVE-2014-3828 | Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed i... | E | |
CVE-2014-3829 | displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web... | E | |
CVE-2014-3830 | Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers... | E | |
CVE-2014-3831 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2014-3832 | Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before ... | | |
CVE-2014-3833 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ow... | | |
CVE-2014-3834 | ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated ... | | |
CVE-2014-3835 | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_externa... | | |
CVE-2014-3836 | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow rem... | | |
CVE-2014-3837 | The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, whi... | | |
CVE-2014-3838 | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allo... | | |
CVE-2014-3840 | Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.ht... | E S | |
CVE-2014-3841 | Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allo... | | |
CVE-2014-3842 | Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001... | E | |
CVE-2014-3843 | Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for Wor... | | |
CVE-2014-3844 | The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which ... | | |
CVE-2014-3845 | Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for Wo... | | |
CVE-2014-3846 | Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary ... | E | |
CVE-2014-3848 | The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows r... | E | |
CVE-2014-3849 | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which... | E | |
CVE-2014-3850 | Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress a... | E | |
CVE-2014-3851 | usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db,... | E | |
CVE-2014-3852 | Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which make... | E | |
CVE-2014-3853 | Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easi... | E | |
CVE-2014-3854 | Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote ... | E | |
CVE-2014-3855 | Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arb... | E | |
CVE-2014-3856 | The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary ... | | |
CVE-2014-3857 | Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRou... | E | |
CVE-2014-3859 | libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attac... | | |
CVE-2014-3860 | Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability... | E | |
CVE-2014-3861 | Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attac... | E S | |
CVE-2014-3862 | CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs ... | E S | |
CVE-2014-3863 | Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows ... | | |
CVE-2014-3864 | Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify... | | |
CVE-2014-3865 | Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers... | E | |
CVE-2014-3866 | Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 an... | E | |
CVE-2014-3867 | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the ... | | |
CVE-2014-3868 | Multiple SQL injection vulnerabilities in ZeusCart 4.x.... | E S | |
CVE-2014-3870 | Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote at... | E | |
CVE-2014-3871 | Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (form... | E | |
CVE-2014-3872 | Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1)... | E | |
CVE-2014-3873 | The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA... | S | |
CVE-2014-3875 | The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows re... | E S | |
CVE-2014-3876 | Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) bef... | E S | |
CVE-2014-3877 | Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 ... | E S | |
CVE-2014-3878 | Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Se... | E | |
CVE-2014-3879 | OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include dire... | S | |
CVE-2014-3880 | The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.... | | |
CVE-2014-3881 | Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows ... | | |
CVE-2014-3882 | Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordP... | S | |
CVE-2014-3883 | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unsp... | | |
CVE-2014-3884 | Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject a... | | |
CVE-2014-3885 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to... | | |
CVE-2014-3886 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled,... | | |
CVE-2014-3887 | Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0... | S | |
CVE-2014-3888 | Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 a... | E | |
CVE-2014-3889 | silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of servi... | S | |
CVE-2014-3890 | silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of servi... | S | |
CVE-2014-3891 | Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute ar... | | |
CVE-2014-3892 | Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inj... | | |
CVE-2014-3893 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate... | R | |
CVE-2014-3894 | Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and ear... | | |
CVE-2014-3895 | The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 an... | | |
CVE-2014-3896 | Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before ... | E | |
CVE-2014-3897 | Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows re... | | |
CVE-2014-3898 | Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.... | | |
CVE-2014-3899 | Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (lau... | | |
CVE-2014-3900 | Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in ... | | |
CVE-2014-3901 | Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service... | | |
CVE-2014-3902 | The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certific... | S | |
CVE-2014-3903 | Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows r... | | |
CVE-2014-3904 | SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to... | | |
CVE-2014-3905 | Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inj... | | |
CVE-2014-3906 | SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and ear... | | |
CVE-2014-3907 | Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plu... | S | |
CVE-2014-3908 | The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from S... | | |
CVE-2014-3909 | Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to h... | S | |
CVE-2014-3910 | Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is lau... | | |
CVE-2014-3911 | Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unsp... | S | |
CVE-2014-3912 | Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCt... | S | |
CVE-2014-3913 | Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers... | E | |
CVE-2014-3914 | Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket Ser... | E | |
CVE-2014-3915 | The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows ... | | |
CVE-2014-3916 | The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attacker... | | |
CVE-2014-3917 | kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certai... | | |
CVE-2014-3918 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2014-3919 | A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious... | | |
CVE-2014-3920 | Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to ... | E | |
CVE-2014-3921 | Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPres... | E | |
CVE-2014-3922 | Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Applian... | E | |
CVE-2014-3923 | Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery p... | E | |
CVE-2014-3924 | Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 ... | | |
CVE-2014-3925 | sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive wi... | | |
CVE-2014-3926 | Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to injec... | S | |
CVE-2014-3927 | mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.... | S | |
CVE-2014-3928 | Cougar-LG stores sensitive information under the web root with insufficient access control, which al... | S | |
CVE-2014-3929 | The default configuration for Cougar-LG stores sensitive information under the web root with insuffi... | S | |
CVE-2014-3930 | lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access co... | | |
CVE-2014-3931 | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an... | E | |
CVE-2014-3932 | SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys En... | E | |
CVE-2014-3933 | Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressFie... | S | |
CVE-2014-3934 | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to ex... | E | |
CVE-2014-3935 | SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote... | E | |
CVE-2014-3936 | Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) w... | E | |
CVE-2014-3937 | SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress all... | S | |
CVE-2014-3938 | Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrar... | | |
CVE-2014-3939 | Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execut... | | |
CVE-2014-3940 | The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which al... | | |
CVE-2014-3941 | TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 b... | | |
CVE-2014-3942 | The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.... | | |
CVE-2014-3943 | Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0... | | |
CVE-2014-3944 | The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user... | | |
CVE-2014-3945 | The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, doe... | | |
CVE-2014-3946 | The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does ... | | |
CVE-2014-3947 | Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.1... | | |
CVE-2014-3948 | Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powe... | | |
CVE-2014-3949 | Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) ex... | | |
CVE-2014-3951 | The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-depend... | | |
CVE-2014-3952 | FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initial... | | |
CVE-2014-3953 | FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initial... | | |
CVE-2014-3954 | Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cau... | S | |
CVE-2014-3955 | routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (asserti... | S | |
CVE-2014-3956 | The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, ... | S | |
CVE-2014-3959 | Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, ... | | |
CVE-2014-3960 | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers ... | | |
CVE-2014-3961 | SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.... | E S | |
CVE-2014-3962 | Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrar... | E | |
CVE-2014-3963 | ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated ... | S | |
CVE-2014-3966 | Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.... | S | |
CVE-2014-3967 | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return valu... | S | |
CVE-2014-3968 | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators t... | S | |
CVE-2014-3969 | Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addre... | S | |
CVE-2014-3970 | The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and ea... | E | |
CVE-2014-3971 | The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod... | | |
CVE-2014-3972 | Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allo... | | |
CVE-2014-3973 | Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers ... | E S | |
CVE-2014-3974 | Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote... | E | |
CVE-2014-3975 | Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to l... | E | |
CVE-2014-3976 | Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 befo... | E | |
CVE-2014-3977 | libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via... | E | |
CVE-2014-3978 | SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arb... | E | |
CVE-2014-3979 | Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, whic... | | |
CVE-2014-3980 | libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which... | | |
CVE-2014-3981 | acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overw... | S | |
CVE-2014-3982 | include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary file... | S | |
CVE-2014-3984 | Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown i... | | |
CVE-2014-3985 | The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial... | E S | |
CVE-2014-3986 | include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a... | | |
CVE-2014-3988 | Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows r... | E | |
CVE-2014-3990 | The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remot... | E S | |
CVE-2014-3991 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers... | E | |
CVE-2014-3992 | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to... | E | |
CVE-2014-3994 | Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30... | E S | |
CVE-2014-3995 | Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.... | E S | |
CVE-2014-3996 | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC)... | E | |
CVE-2014-3997 | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP... | E | |
CVE-2014-3999 | The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by le... | S | |