CVE-2014-4xxx

There are 888 CVE in this subgroup.

Last updated:

← Back to 2014

ID	Summary	Flags
CVE-2014-4000	Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and exe...
CVE-2014-4002	Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject...	S
CVE-2014-4003	The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information ...
CVE-2014-4004	The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcod...
CVE-2014-4005	SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain ac...
CVE-2014-4006	The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which ...
CVE-2014-4007	The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers...
CVE-2014-4008	SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attac...
CVE-2014-4009	SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attacke...
CVE-2014-4010	SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to o...
CVE-2014-4011	SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtai...
CVE-2014-4012	SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain...
CVE-2014-4013	SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x thro...
CVE-2014-4014	The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that na...	E
CVE-2014-4017	Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote ...	E
CVE-2014-4018	The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the a...	E
CVE-2014-4019	ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web ro...	E
CVE-2014-4020	The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark...	E
CVE-2014-4021	Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows loc...	S
CVE-2014-4022	The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform,...
CVE-2014-4023	Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in ...	E
CVE-2014-4024	SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 bef...
CVE-2014-4027	The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.1...	S
CVE-2014-4030	Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress a...	E S
CVE-2014-4031	The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through ...
CVE-2014-4032	Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allo...	E
CVE-2014-4033	Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFr...	E
CVE-2014-4034	SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execu...	E
CVE-2014-4035	Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hote...	E
CVE-2014-4036	Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows re...	E
CVE-2014-4037	Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scrip...	E S
CVE-2014-4038	ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1)...
CVE-2014-4039	ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permission...
CVE-2014-4040	snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially contai...
CVE-2014-4043	The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument i...	E
CVE-2014-4044	OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attacker...
CVE-2014-4045	The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3...	S
CVE-2014-4046	Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 1...	S
CVE-2014-4047	Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certifie...	S
CVE-2014-4048	The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a de...	S
CVE-2014-4049	Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and e...	S
CVE-2014-4050	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4051	Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4052	Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a de...
CVE-2014-4053	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4054	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4055	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4056	Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4057	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4058	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4059	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4060	Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows V...	S
CVE-2014-4061	Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memo...
CVE-2014-4062	Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the A...
CVE-2014-4063	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4064	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ...	S
CVE-2014-4065	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4066	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...	S
CVE-2014-4067	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4068	The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Se...
CVE-2014-4069	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4070	Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 ...
CVE-2014-4071	The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL ...
CVE-2014-4072	Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not pr...
CVE-2014-4073	Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data dur...
CVE-2014-4074	The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows...	S
CVE-2014-4075	Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Contr...
CVE-2014-4076	Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to ...	E
CVE-2014-4077	Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 ...	KEV S
CVE-2014-4078	The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not proper...
CVE-2014-4079	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4080	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4081	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4082	Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4083	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4084	Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4085	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4086	Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a...
CVE-2014-4087	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4088	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4089	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4090	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4091	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4092	Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4093	Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4094	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4095	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4096	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4097	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4098	Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4099	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4100	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4101	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4102	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4103	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4104	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4105	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4106	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4107	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4108	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4109	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4110	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4111	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4112	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...	S
CVE-2014-4113	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windo...	KEV E S
CVE-2014-4114	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8...	KEV E S
CVE-2014-4115	fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2...
CVE-2014-4116	Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote a...
CVE-2014-4117	Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for...
CVE-2014-4118	XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows S...	S
CVE-2014-4119	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4120	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4121	Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse inter...
CVE-2014-4122	Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows r...
CVE-2014-4123	Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we...	KEV S
CVE-2014-4124	Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we...
CVE-2014-4125	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4126	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d...
CVE-2014-4127	Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4128	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4129	Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2014-4130	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4131	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4132	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...
CVE-2014-4133	Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a den...
CVE-2014-4134	Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a...
CVE-2014-4135	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4136	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4137	Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a den...
CVE-2014-4138	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...	E
CVE-2014-4139	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4140	Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mecha...
CVE-2014-4141	Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ...	E
CVE-2014-4142	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4143	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ...
CVE-2014-4144	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4145	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o...	S
CVE-2014-4146	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4147	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4148	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windo...	KEV S
CVE-2014-4149	Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly pe...
CVE-2014-4150	The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to ...	S
CVE-2014-4151	The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbit...
CVE-2014-4152	The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbi...
CVE-2014-4153	The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitra...
CVE-2014-4154	ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web ro...	E
CVE-2014-4155	Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0....	E
CVE-2014-4156	Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability...	S
CVE-2014-4157	arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not ...	E S
CVE-2014-4158	Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a l...	E
CVE-2014-4159	Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) al...	E
CVE-2014-4160	Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business...	E
CVE-2014-4161	Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management...
CVE-2014-4162	Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless rou...	E
CVE-2014-4163	Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for...	E
CVE-2014-4164	Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inj...	E
CVE-2014-4165	Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web scr...	E
CVE-2014-4166	Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote a...	E
CVE-2014-4167	The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 al...
CVE-2014-4168	(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication...
CVE-2014-4170	A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insuffi...
CVE-2014-4171	mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between ra...
CVE-2014-4172	A URL parameter injection vulnerability was found in the back-channel ticket validation step of the ...	S
CVE-2014-4174	wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attacke...	E S
CVE-2014-4187	Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inje...
CVE-2014-4188	Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x be...
CVE-2014-4189	Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8....
CVE-2014-4190	Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI...
CVE-2014-4191	The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of ...
CVE-2014-4192	The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes cert...
CVE-2014-4193	The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Ran...
CVE-2014-4194	SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to e...	E
CVE-2014-4195	Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attac...	E
CVE-2014-4196	Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 ...	E
CVE-2014-4197	Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote ...	E
CVE-2014-4198	A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via ...	E
CVE-2014-4199	vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other pro...	E
CVE-2014-4200	vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other pro...	E
CVE-2014-4201	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
CVE-2014-4202	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4203	Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in O...
CVE-2014-4204	Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft...
CVE-2014-4205	Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 ...
CVE-2014-4206	Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in O...
CVE-2014-4207	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows re...
CVE-2014-4208	Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote atta...
CVE-2014-4209	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to a...
CVE-2014-4210	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4211	Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1....
CVE-2014-4212	Unspecified vulnerability in the Oracle Fusion Middleware component in Oracle Fusion Middleware 11.1...
CVE-2014-4213	Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12...
CVE-2014-4214	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows re...
CVE-2014-4215	Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability vi...
CVE-2014-4216	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to a...
CVE-2014-4217	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4218	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to a...
CVE-2014-4219	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect co...
CVE-2014-4220	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity...
CVE-2014-4221	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confident...
CVE-2014-4222	Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0...
CVE-2014-4223	Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, ...
CVE-2014-4224	Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect avai...
CVE-2014-4225	Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, int...
CVE-2014-4226	Unspecified vulnerability in the PeopleSoft Enterprise FIN Install component in Oracle PeopleSoft Pr...
CVE-2014-4227	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect co...
CVE-2014-4228	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ...
CVE-2014-4229	Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P...
CVE-2014-4230	Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 ...
CVE-2014-4231	Unspecified vulnerability in the Siebel Travel & Transportation component in Oracle Siebel CRM 8.1.1...
CVE-2014-4232	Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualizati...
CVE-2014-4233	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows re...
CVE-2014-4234	Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P...
CVE-2014-4235	Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0....
CVE-2014-4236	Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0....
CVE-2014-4237	Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0....
CVE-2014-4238	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows re...
CVE-2014-4239	Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users...
CVE-2014-4240	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows lo...
CVE-2014-4241	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4242	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4243	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.1...
CVE-2014-4244	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRo...
CVE-2014-4245	Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...
CVE-2014-4246	Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11...
CVE-2014-4247	Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, i...
CVE-2014-4248	Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su...
CVE-2014-4249	Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows ...
CVE-2014-4250	Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 ...
CVE-2014-4251	Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0...
CVE-2014-4252	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to a...
CVE-2014-4253	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4254	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
CVE-2014-4255	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
CVE-2014-4256	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4257	Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1....
CVE-2014-4258	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.1...
CVE-2014-4259	Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 ...	S
CVE-2014-4260	Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6....
CVE-2014-4261	Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox ...
CVE-2014-4262	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to a...
CVE-2014-4263	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28...
CVE-2014-4264	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availabil...
CVE-2014-4265	Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect in...
CVE-2014-4266	Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity...
CVE-2014-4267	Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2...
CVE-2014-4268	Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to a...
CVE-2014-4269	Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11....
CVE-2014-4270	Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11....
CVE-2014-4271	Unspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3...
CVE-2014-4272	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4273	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4274	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows lo...	S
CVE-2014-4275	Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vec...	S
CVE-2014-4276	Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality...	S
CVE-2014-4277	Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality...	S
CVE-2014-4278	Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business...	S
CVE-2014-4279	Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...	S
CVE-2014-4280	Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, int...	S
CVE-2014-4281	Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite ...	S
CVE-2014-4282	Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, int...	S
CVE-2014-4283	Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality...	S
CVE-2014-4284	Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, int...	S
CVE-2014-4285	Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite...	S
CVE-2014-4286	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4286. Reason: This candida...	R
CVE-2014-4287	Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows re...	S
CVE-2014-4288	Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect c...	S
CVE-2014-4289	Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0...	S
CVE-2014-4290	Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...	S
CVE-2014-4291	Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...	S
CVE-2014-4292	Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...	S
CVE-2014-4293	Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...	S
CVE-2014-4294	Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11....	S
CVE-2014-4295	Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11....	S
CVE-2014-4296	Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...	S
CVE-2014-4297	Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...	S
CVE-2014-4298	Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0...	S
CVE-2014-4299	Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0...	S
CVE-2014-4300	Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0...	S
CVE-2014-4301	Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in E...	E S
CVE-2014-4302	Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote att...	E
CVE-2014-4303	Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Dr...	S
CVE-2014-4304	Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote ...	E
CVE-2014-4305	Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and e...
CVE-2014-4306	Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to r...
CVE-2014-4307	SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to e...	E
CVE-2014-4308	Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress...	E
CVE-2014-4309	Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inje...	E
CVE-2014-4310	Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, ...	S
CVE-2014-4311	Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Conn...	E
CVE-2014-4312	Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL...	E
CVE-2014-4313	SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute ...
CVE-2014-4314	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA who allocated...	R
CVE-2014-4315	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA who allocated...	R
CVE-2014-4322	drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovatio...	S
CVE-2014-4323	The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux ke...
CVE-2014-4325	The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with...	S
CVE-2014-4326	Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrar...
CVE-2014-4329	Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attacke...	E
CVE-2014-4330	The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-d...	E
CVE-2014-4331	Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to...	E
CVE-2014-4333	Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and ...	E
CVE-2014-4334	Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to e...	E
CVE-2014-4335	Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers t...	E
CVE-2014-4336	The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0...	S
CVE-2014-4337	The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0....	S
CVE-2014-4338	cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restric...
CVE-2014-4341	MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer...	S
CVE-2014-4342	MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a deni...	S
CVE-2014-4343	Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/sp...	S
CVE-2014-4344	The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos ...	S
CVE-2014-4345	Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_princ...
CVE-2014-4346	Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Applic...
CVE-2014-4347	Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gatewa...
CVE-2014-4348	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote au...	E S
CVE-2014-4349	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x be...	E S
CVE-2014-4350	Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execut...
CVE-2014-4351	Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary...
CVE-2014-4352	Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it...
CVE-2014-4353	Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by...
CVE-2014-4354	Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote at...
CVE-2014-4355	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4356	Apple iOS before 8 does not follow the intended configuration setting for text-message preview on th...
CVE-2014-4357	Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive ...
CVE-2014-4358	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4359	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4360	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4361	The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API fo...
CVE-2014-4362	The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party...
CVE-2014-4363	Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which...
CVE-2014-4364	The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authenticat...
CVE-2014-4365	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4366	Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, ...
CVE-2014-4367	Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physical...
CVE-2014-4368	The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking ...
CVE-2014-4369	The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attack...
CVE-2014-4370	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4371	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not ...
CVE-2014-4372	syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to ch...
CVE-2014-4373	The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV ...
CVE-2014-4374	NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML dat...
CVE-2014-4375	Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain pri...
CVE-2014-4376	IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code ...
CVE-2014-4377	Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers...
CVE-2014-4378	CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive...
CVE-2014-4379	An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds ...
CVE-2014-4380	The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds che...
CVE-2014-4381	Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operatio...
CVE-2014-4382	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4383	The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers ...
CVE-2014-4384	Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local...
CVE-2014-4385	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4386	Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain priv...
CVE-2014-4387	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4388	IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object meta...
CVE-2014-4389	Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute ar...
CVE-2014-4390	Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers t...
CVE-2014-4391	The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource env...
CVE-2014-4392	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4393	Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 1...
CVE-2014-4394	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4395	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4396	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4397	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4398	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4399	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4400	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4401	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4402	An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking...
CVE-2014-4403	The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information an...
CVE-2014-4404	Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attacke...	KEV
CVE-2014-4405	IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code i...
CVE-2014-4406	Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server b...
CVE-2014-4407	IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which ...
CVE-2014-4408	The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users...
CVE-2014-4409	WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private brow...
CVE-2014-4410	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbi...
CVE-2014-4411	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbi...
CVE-2014-4412	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbi...
CVE-2014-4413	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbi...
CVE-2014-4414	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbi...
CVE-2014-4415	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbi...
CVE-2014-4416	An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS...
CVE-2014-4417	Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Pu...
CVE-2014-4418	IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object meta...
CVE-2014-4419	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not ...
CVE-2014-4420	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not ...
CVE-2014-4421	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not ...
CVE-2014-4422	The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator du...
CVE-2014-4423	The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechani...
CVE-2014-4424	SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 an...
CVE-2014-4425	CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep...
CVE-2014-4426	AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses...
CVE-2014-4427	App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via...
CVE-2014-4428	Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which a...
CVE-2014-4429	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4430	CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in th...
CVE-2014-4431	Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physica...
CVE-2014-4432	fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a set...
CVE-2014-4433	Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate atta...
CVE-2014-4434	The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of ser...
CVE-2014-4435	The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting ...
CVE-2014-4436	IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds re...
CVE-2014-4437	LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions v...
CVE-2014-4438	Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to ob...
CVE-2014-4439	Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from ...
CVE-2014-4440	The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings...
CVE-2014-4441	NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing...
CVE-2014-4442	The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a ...
CVE-2014-4443	Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereferen...
CVE-2014-4444	SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for ...
CVE-2014-4445	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4446	Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service res...
CVE-2014-4447	Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords b...
CVE-2014-4448	House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes ...
CVE-2014-4449	iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, whic...
CVE-2014-4450	The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction ...
CVE-2014-4451	Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier fo...
CVE-2014-4452	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to exec...	S
CVE-2014-4453	Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotl...
CVE-2014-4454	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4455	dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segmen...
CVE-2014-4456	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4457	The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver...
CVE-2014-4458	The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cook...
CVE-2014-4459	Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attacker...
CVE-2014-4460	CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cac...
CVE-2014-4461	The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDa...
CVE-2014-4462	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to exec...
CVE-2014-4463	Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection me...
CVE-2014-4464	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4465	WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers ...
CVE-2014-4466	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4467	WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during t...
CVE-2014-4468	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4469	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4470	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4471	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4472	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4473	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4474	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4475	WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote ...	S
CVE-2014-4476	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo...	S
CVE-2014-4477	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo...	S
CVE-2014-4478	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4479	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo...	S
CVE-2014-4480	Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV ...
CVE-2014-4481	Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV ...
CVE-2014-4482	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4483	Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV bef...
CVE-2014-4484	FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows re...
CVE-2014-4485	Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2...
CVE-2014-4486	IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 ...
CVE-2014-4487	Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV be...
CVE-2014-4488	IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not...
CVE-2014-4489	IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not...
CVE-2014-4490	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4491	The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV ...
CVE-2014-4492	libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not ...	E
CVE-2014-4493	The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers ...
CVE-2014-4494	Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether...
CVE-2014-4495	The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not ...
CVE-2014-4496	The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 do...
CVE-2014-4497	Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 1...
CVE-2014-4498	The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmwa...
CVE-2014-4499	The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credenti...
CVE-2014-4501	Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner be...	E S
CVE-2014-4502	Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer b...	E S
CVE-2014-4503	The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows m...	E S
CVE-2014-4505	Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for D...	S
CVE-2014-4506	Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1....	S
CVE-2014-4507	Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allo...	S
CVE-2014-4508	arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall ...
CVE-2014-4509	The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Ident...	S
CVE-2014-4510	Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers t...	E
CVE-2014-4511	Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters ...	E
CVE-2014-4513	Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHe...	E S
CVE-2014-4514	Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay ...	E S
CVE-2014-4515	Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and e...	E
CVE-2014-4516	Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin...	E
CVE-2014-4517	Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1...	E
CVE-2014-4518	Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugi...	E
CVE-2014-4519	Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress al...	E
CVE-2014-4520	Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 fo...	E S
CVE-2014-4521	Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2....	E S
CVE-2014-4522	Cross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Editio...	E
CVE-2014-4523	Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for Word...	E
CVE-2014-4524	Cross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types...	E S
CVE-2014-4525	Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for...	E
CVE-2014-4526	Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and e...	E
CVE-2014-4527	Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoS...	E
CVE-2014-4528	Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral...	E
CVE-2014-4529	Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 an...	E
CVE-2014-4530	flog plugin 0.1 for WordPress has XSS...	E
CVE-2014-4531	Cross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier ...	E
CVE-2014-4532	Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the Gara...	E S
CVE-2014-4533	Cross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 an...	E
CVE-2014-4534	Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video P...	E
CVE-2014-4535	Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordP...	E
CVE-2014-4536	Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampai...	E
CVE-2014-4537	Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links pl...	E
CVE-2014-4538	Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier...	E
CVE-2014-4539	Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows r...	E
CVE-2014-4540	Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo Live...	E
CVE-2014-4541	Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in th...	E
CVE-2014-4542	Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows re...	E
CVE-2014-4543	Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player...	E
CVE-2014-4544	Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPre...
CVE-2014-4545	Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 an...	E
CVE-2014-4546	Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for ...	E
CVE-2014-4547	Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo...	E
CVE-2014-4548	Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and ea...	E
CVE-2014-4549	Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SageP...	E S
CVE-2014-4550	Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja pl...	E
CVE-2014-4551	Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 ...	E
CVE-2014-4552	Cross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.p...	E
CVE-2014-4553	Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress al...	E
CVE-2014-4554	Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before...	E S
CVE-2014-4555	Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earli...	E
CVE-2014-4556	Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3...	E
CVE-2014-4557	Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swip...	E
CVE-2014-4558	Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce pl...	E
CVE-2014-4559	Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP ...	E
CVE-2014-4560	Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and ea...	E
CVE-2014-4561	The ultimate-weather plugin 1.0 for WordPress has XSS...	E
CVE-2014-4563	Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) pl...	E
CVE-2014-4564	Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for ...	E
CVE-2014-4565	Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comme...	E
CVE-2014-4566	Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php in the "verwei.se - WordPress...	E
CVE-2014-4567	Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comment...	E S
CVE-2014-4568	Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webca...	E
CVE-2014-4569	Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integ...	E S
CVE-2014-4570	Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin be...	E
CVE-2014-4571	Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 an...	E
CVE-2014-4572	Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and ...	E
CVE-2014-4573	Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5....	E
CVE-2014-4574	Cross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for Word...	E S
CVE-2014-4575	Cross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for ...	E
CVE-2014-4576	Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login p...	E
CVE-2014-4577	Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop pl...	E
CVE-2014-4578	Cross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plug...	E
CVE-2014-4579	Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and...	E
CVE-2014-4580	Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earl...	E
CVE-2014-4581	Cross-site scripting (XSS) vulnerability in facture.php in the WPCB plugin 2.4.8 and earlier for Wor...	E
CVE-2014-4582	Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin...	E
CVE-2014-4583	Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-cont...	E
CVE-2014-4584	Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0....	E
CVE-2014-4585	Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for Wor...	E
CVE-2014-4586	Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for Wo...	E
CVE-2014-4587	Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for Wo...	E
CVE-2014-4588	Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Do...	E
CVE-2014-4589	Cross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-medi...	E
CVE-2014-4590	Cross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier fo...	E
CVE-2014-4591	Cross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and ...	E
CVE-2014-4592	Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plug...	E
CVE-2014-4593	Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm)...	E
CVE-2014-4594	Cross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin bef...	E S
CVE-2014-4595	Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for Wor...	E
CVE-2014-4596	Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1...	E
CVE-2014-4597	Cross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4....	E S
CVE-2014-4598	Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1...	E
CVE-2014-4599	Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory...	E
CVE-2014-4600	Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Mar...	E
CVE-2014-4601	Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and ea...	E
CVE-2014-4602	Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel ...	E
CVE-2014-4603	Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Update...	E
CVE-2014-4604	Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin ...	E
CVE-2014-4605	Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 ...	E
CVE-2014-4606	Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 ...	E
CVE-2014-4607	Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit p...	E
CVE-2014-4608	Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c ...	S
CVE-2014-4609	Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14,...	E
CVE-2014-4610	Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1...	E S
CVE-2014-4611	Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in ...
CVE-2014-4612	Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Phot...	S
CVE-2014-4613	Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 a...	E
CVE-2014-4614	Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attac...
CVE-2014-4615	The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before ...
CVE-2014-4616	Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simpl...	E S
CVE-2014-4617	The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows...
CVE-2014-4618	EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated ...
CVE-2014-4619	EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6...
CVE-2014-4620	The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint an...
CVE-2014-4621	EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not prope...
CVE-2014-4622	EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not prope...
CVE-2014-4623	EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AV...
CVE-2014-4624	EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not r...
CVE-2014-4626	EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before...
CVE-2014-4627	SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authent...
CVE-2014-4628	Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remot...
CVE-2014-4629	EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenti...
CVE-2014-4630	EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not e...
CVE-2014-4631	RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Chal...
CVE-2014-4632	VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy clien...
CVE-2014-4633	Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows re...
CVE-2014-4634	Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync befo...
CVE-2014-4635	Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) befo...
CVE-2014-4636	Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6...
CVE-2014-4637	Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote att...
CVE-2014-4638	EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injecti...
CVE-2014-4639	EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a ...
CVE-2014-4640	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in...	R
CVE-2014-4641	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in...	R
CVE-2014-4642	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in...	R
CVE-2014-4643	Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP se...	E
CVE-2014-4644	SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote...	E
CVE-2014-4645	Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attac...	E
CVE-2014-4646	Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows co...
CVE-2014-4647	Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX contro...
CVE-2014-4648	Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a...
CVE-2014-4649	SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 ...
CVE-2014-4650	The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encodi...	E S
CVE-2014-4651	It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable...	E S
CVE-2014-4652	Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/...	S
CVE-2014-4653	sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not e...	S
CVE-2014-4654	The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linu...	S
CVE-2014-4655	The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linu...	S
CVE-2014-4656	Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux k...	S
CVE-2014-4657	The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which all...
CVE-2014-4658	The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification o...
CVE-2014-4659	Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain...
CVE-2014-4660	Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb li...	S
CVE-2014-4661	Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch...
CVE-2014-4663	TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers ...	E
CVE-2014-4664	Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress...	E S
CVE-2014-4667	The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does no...	S
CVE-2014-4668	The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when...
CVE-2014-4669	HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL documen...	E
CVE-2014-4670	Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allo...
CVE-2014-4671	Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2....	E
CVE-2014-4672	The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP ...
CVE-2014-4677	The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 201...	E
CVE-2014-4678	The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which all...	S
CVE-2014-4682	The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, all...
CVE-2014-4683	The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, all...
CVE-2014-4684	The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows ...
CVE-2014-4685	Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain pri...
CVE-2014-4686	The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and othe...
CVE-2014-4687	Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers t...
CVE-2014-4688	pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hos...	E
CVE-2014-4689	Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attacker...
CVE-2014-4690	Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to r...
CVE-2014-4691	Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web session...
CVE-2014-4692	pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header f...
CVE-2014-4693	Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense t...
CVE-2014-4694	Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata pac...
CVE-2014-4695	Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 ...
CVE-2014-4696	Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1....
CVE-2014-4698	Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allow...
CVE-2014-4699	The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical...	E S
CVE-2014-4700	Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDeskto...	S
CVE-2014-4701	The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive informat...	E S
CVE-2014-4702	The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive informat...	S
CVE-2014-4703	lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a sym...	E S
CVE-2014-4705	Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9...
CVE-2014-4706	Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100;...
CVE-2014-4707	Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 wit...
CVE-2014-4710	Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attac...	E
CVE-2014-4714	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4715	Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x800...
CVE-2014-4716	Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hija...	E
CVE-2014-4717	Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin ...	E S
CVE-2014-4718	Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote at...	E S
CVE-2014-4719	Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka U...	E
CVE-2014-4720	Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows rem...
CVE-2014-4721	The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does ...	E
CVE-2014-4722	Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventor...
CVE-2014-4723	Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote ...	E
CVE-2014-4724	Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows r...	E
CVE-2014-4725	The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attack...	E S
CVE-2014-4726	Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for W...	S
CVE-2014-4727	Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual ...	E
CVE-2014-4728	The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware befo...	E
CVE-2014-4734	Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows ...	E
CVE-2014-4735	Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inje...	E
CVE-2014-4736	SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL...	E
CVE-2014-4737	Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to ...	E S
CVE-2014-4738	Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x b...
CVE-2014-4740	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-4907, CVE-2014-4908. Reaso...	R
CVE-2014-4741	SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to ...	E
CVE-2014-4742	Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_syste...	E S
CVE-2014-4743	Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small...	E S
CVE-2014-4744	Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers ...	E S
CVE-2014-4746	IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes...	S
CVE-2014-4747	The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers...
CVE-2014-4748	Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8...
CVE-2014-4749	IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-th...
CVE-2014-4750	IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files ...
CVE-2014-4751	Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1,...	S
CVE-2014-4752	IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9...
CVE-2014-4756	The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4...	S
CVE-2014-4757	The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local user...	S
CVE-2014-4758	IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow re...	S
CVE-2014-4759	An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) ...	S
CVE-2014-4760	Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6....	S
CVE-2014-4761	IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF2...	S
CVE-2014-4762	Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5....	S
CVE-2014-4763	Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Conte...
CVE-2014-4764	IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Bal...
CVE-2014-4765	IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7....	S
CVE-2014-4766	IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive info...
CVE-2014-4767	IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use th...
CVE-2014-4768	IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System...
CVE-2014-4769	IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated user...
CVE-2014-4770	Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0...	S
CVE-2014-4771	IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1...	S
CVE-2014-4774	Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 befor...
CVE-2014-4775	IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before ...	S
CVE-2014-4776	IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authenticat...	S
CVE-2014-4778	IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1...
CVE-2014-4781	The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers ...	S
CVE-2014-4782	IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentia...	S
CVE-2014-4783	Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.0...	S
CVE-2014-4784	IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.0930...	S
CVE-2014-4785	Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.0...	S
CVE-2014-4786	IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.0930...	S
CVE-2014-4787	Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, ...	S
CVE-2014-4788	IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.0930...	S
CVE-2014-4789	Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before...	S
CVE-2014-4790	IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0...	S
CVE-2014-4792	IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 C...	S
CVE-2014-4793	IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client conn...	S
CVE-2014-4801	Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x be...	S
CVE-2014-4802	The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) ...	S
CVE-2014-4803	CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Mana...
CVE-2014-4804	Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP2...	S
CVE-2014-4805	IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, w...	S
CVE-2014-4806	The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x befor...
CVE-2014-4807	Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remo...
CVE-2014-4808	Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...	S
CVE-2014-4809	The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x...	S
CVE-2014-4810	IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves ...	S
CVE-2014-4811	IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8...	S
CVE-2014-4812	The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for ...
CVE-2014-4813	Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 th...	S
CVE-2014-4814	IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF2...	S
CVE-2014-4815	Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x befor...
CVE-2014-4816	Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Appli...	S
CVE-2014-4817	The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 ...
CVE-2014-4818	dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x b...
CVE-2014-4819	The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9....
CVE-2014-4820	Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0....
CVE-2014-4821	IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF2...	S
CVE-2014-4822	IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before ...
CVE-2014-4823	The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 an...	S
CVE-2014-4824	SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authe...	S
CVE-2014-4825	IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connecti...
CVE-2014-4826	IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which al...	S
CVE-2014-4827	Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2...
CVE-2014-4828	IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjac...
CVE-2014-4829	Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager ...	S
CVE-2014-4830	IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set...
CVE-2014-4831	IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1...	S
CVE-2014-4832	IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1...	S
CVE-2014-4833	IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain p...
CVE-2014-4834	IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursi...
CVE-2014-4835	IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCente...
CVE-2014-4836	Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform...
CVE-2014-4837	Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 ...
CVE-2014-4838	Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Applicatio...
CVE-2014-4839	Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platf...
CVE-2014-4840	IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3....
CVE-2014-4843	Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 befor...
CVE-2014-4844	The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x t...
CVE-2014-4845	Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote a...	E
CVE-2014-4846	Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress all...	E
CVE-2014-4847	Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows re...	E
CVE-2014-4848	Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0...	E
CVE-2014-4849	Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to i...	E
CVE-2014-4850	SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL ...	E
CVE-2014-4851	Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitr...	E
CVE-2014-4852	SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows ...	E
CVE-2014-4853	Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote ...	S
CVE-2014-4854	Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows...	E
CVE-2014-4855	Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows re...	S
CVE-2014-4856	Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for W...	S
CVE-2014-4857	Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to ...
CVE-2014-4858	Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.2...
CVE-2014-4859	Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the...
CVE-2014-4860	Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feat...
CVE-2014-4861	The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a ...
CVE-2014-4862	The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of publi...
CVE-2014-4863	The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, whic...	E
CVE-2014-4864	The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing clearte...
CVE-2014-4865	Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 al...
CVE-2014-4867	Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows l...
CVE-2014-4868	The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote ...
CVE-2014-4869	The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive enc...
CVE-2014-4870	/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6....
CVE-2014-4871	Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with f...
CVE-2014-4872	BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attac...
CVE-2014-4873	SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote aut...	E
CVE-2014-4874	BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the T...
CVE-2014-4875	CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a...
CVE-2014-4876	Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted...
CVE-2014-4877	Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows rem...	E S
CVE-2014-4880	Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions...	E
CVE-2014-4881	The PartyTrack library for Android does not verify X.509 certificates from SSL servers, which allows...
CVE-2014-4882	Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain se...
CVE-2014-4883	resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does n...	S
CVE-2014-4884	The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android does not verify X.509 certificat...
CVE-2014-4885	The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for ...
CVE-2014-4887	The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3.2.3 for Android does not veri...
CVE-2014-4888	The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application 1.1.0 for Android...
CVE-2014-4889	The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.5...
CVE-2014-4890	The Nano Digest (aka com.magzter.nanodigest) application 3.0 for Android does not verify X.509 certi...
CVE-2014-4891	The CT iHub (aka com.concursive.ctihub) application 1 for Android does not verify X.509 certificates...
CVE-2014-4892	The uControl Smart Home Automation (aka de.ucontrol) application 1.2 for Android does not verify X.5...
CVE-2014-4894	The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for Android does not verify X.509 certi...
CVE-2014-4895	The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for Android does not verify X.509 ...
CVE-2014-4896	The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application 1.02 for Android does...
CVE-2014-4897	The Touriosity Travelmag (aka com.magzter.touriositytravelmag) application 3.1 for Android does not ...
CVE-2014-4898	The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 for Android does not verify X.50...
CVE-2014-4899	The Indian Cement Review (aka com.magzter.indiancementreview) application 3.01 for Android does not ...
CVE-2014-4900	The migme (aka com.projectgoth) application 4.03.002 for Android does not verify X.509 certificates ...
CVE-2014-4901	The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 ce...
CVE-2014-4903	The Kakao Bingo Garden (aka com.mocoga.bingogarden) application 1.0.14 for Android does not verify X...
CVE-2014-4904	The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 ...
CVE-2014-4905	The Clean Internet Browser (aka com.cleantab.browsesecure) application 1.36 for Android does not ver...
CVE-2014-4906	The Brisbane & Queensland Alert (aka com.queensland.alert) application 2.0 for Android does not veri...
CVE-2014-4907	Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP...	E S
CVE-2014-4908	Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attack...	E S
CVE-2014-4909	Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before...	E
CVE-2014-4910	Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 all...
CVE-2014-4911	The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 a...	S
CVE-2014-4912	An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation....	E
CVE-2014-4913	ZF2014-03 has a potential cross site scripting vector in multiple view helpers...
CVE-2014-4914	The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parenthe...
CVE-2014-4919	OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0....	M
CVE-2014-4925	Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40....
CVE-2014-4927	Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and ...	E
CVE-2014-4928	SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote...
CVE-2014-4929	Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0....
CVE-2014-4930	Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Anal...
CVE-2014-4932	Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress...
CVE-2014-4936	The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes...	E
CVE-2014-4937	Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows...	E
CVE-2014-4938	SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows r...	E
CVE-2014-4939	SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows...	E
CVE-2014-4940	Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress a...	E S
CVE-2014-4941	Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows re...	E
CVE-2014-4942	The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain confi...	E S
CVE-2014-4943	The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to...	E S
CVE-2014-4944	Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1....	E
CVE-2014-4945	Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1....
CVE-2014-4946	Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1....
CVE-2014-4947	Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earli...
CVE-2014-4948	Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cau...
CVE-2014-4949	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4950	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4951	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4952	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4953	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...	R
CVE-2014-4954	Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/stru...
CVE-2014-4955	Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_...
CVE-2014-4958	Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403...
CVE-2014-4959	DISPUTED SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows re...	E M
CVE-2014-4960	Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery)...	E
CVE-2014-4962	Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart v...	E
CVE-2014-4963	Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users...
CVE-2014-4964	Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remot...	E
CVE-2014-4965	Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attac...	E
CVE-2014-4966	Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not...	S
CVE-2014-4967	Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execut...	S
CVE-2014-4968	The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser applicati...	E
CVE-2014-4971	Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows l...	E
CVE-2014-4972	Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPre...	E
CVE-2014-4973	The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (2014...	E
CVE-2014-4974	The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall modu...
CVE-2014-4975	Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2,...
CVE-2014-4976	Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the...	E
CVE-2014-4977	Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticat...	E
CVE-2014-4978	The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to tru...	S
CVE-2014-4979	Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memo...
CVE-2014-4980	The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows...	E
CVE-2014-4981	LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficien...
CVE-2014-4982	LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server....
CVE-2014-4984	Déjà Vu Crescendo Sales CRM has remote SQL Injection...	E
CVE-2014-4986	Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4....
CVE-2014-4987	server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote auth...
CVE-2014-4991	(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset ...	E
CVE-2014-4992	lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd comma...	E
CVE-2014-4993	(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in...	E
CVE-2014-4994	lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files v...	E
CVE-2014-4995	Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local use...
CVE-2014-4996	lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arb...
CVE-2014-4997	lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command lin...	E
CVE-2014-4998	test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysq...	E
CVE-2014-4999	vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the ...	E