| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2014-9000 | Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityServic... | E | |
| CVE-2014-9001 | reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbi... | E | |
| CVE-2014-9002 | Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to e... | E | |
| CVE-2014-9003 | Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to... | E | |
| CVE-2014-9004 | Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inj... | E | |
| CVE-2014-9005 | Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execut... | E | |
| CVE-2014-9006 | Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which ... | E | |
| CVE-2014-9013 | The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPres... | | |
| CVE-2014-9014 | Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP ... | E | |
| CVE-2014-9015 | Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted ... | | |
| CVE-2014-9016 | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) modul... | S | |
| CVE-2014-9017 | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authent... | E | |
| CVE-2014-9018 | Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attacke... | E | |
| CVE-2014-9019 | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attacker... | E | |
| CVE-2014-9020 | Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 8... | E | |
| CVE-2014-9021 | Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to injec... | E | |
| CVE-2014-9022 | The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allo... | S | |
| CVE-2014-9023 | The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio ... | | |
| CVE-2014-9024 | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the p... | S | |
| CVE-2014-9025 | The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-... | | |
| CVE-2014-9026 | The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order h... | S | |
| CVE-2014-9027 | Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attacker... | E | |
| CVE-2014-9028 | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to ex... | | |
| CVE-2014-9029 | Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions ... | | |
| CVE-2014-9030 | The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page... | S | |
| CVE-2014-9031 | Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.... | S | |
| CVE-2014-9032 | Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x be... | S | |
| CVE-2014-9033 | Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, an... | S | |
| CVE-2014-9034 | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and ... | S | |
| CVE-2014-9035 | Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5... | S | |
| CVE-2014-9036 | Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before... | S | |
| CVE-2014-9037 | WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow rem... | S | |
| CVE-2014-9038 | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x befo... | S | |
| CVE-2014-9039 | wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1... | S | |
| CVE-2014-9041 | The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6... | | |
| CVE-2014-9042 | Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in... | | |
| CVE-2014-9043 | The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.... | | |
| CVE-2014-9044 | Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the origi... | | |
| CVE-2014-9045 | The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote... | | |
| CVE-2014-9046 | The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x befo... | | |
| CVE-2014-9047 | Multiple unspecified vulnerabilities in the preview system in ownCloud 6.x before 6.0.6 and 7.x befo... | | |
| CVE-2014-9048 | The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote att... | | |
| CVE-2014-9049 | The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote aut... | | |
| CVE-2014-9050 | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allo... | E S | |
| CVE-2014-9057 | SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.1... | | |
| CVE-2014-9059 | lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7... | S | |
| CVE-2014-9060 | The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.... | | |
| CVE-2014-9065 | common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allo... | S | |
| CVE-2014-9066 | Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write l... | S | |
| CVE-2014-9087 | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows ... | S | |
| CVE-2014-9089 | Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remo... | E S | |
| CVE-2014-9090 | The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not ... | | |
| CVE-2014-9091 | Icecast before 2.4.0 does not change the supplementary group privileges when | E | |
| CVE-2014-9092 | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafte... | S | |
| CVE-2014-9093 | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operati... | | |
| CVE-2014-9094 | Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zo... | | |
| CVE-2014-9095 | Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to... | E | |
| CVE-2014-9096 | Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote at... | E | |
| CVE-2014-9097 | Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) ... | E S | |
| CVE-2014-9098 | Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-vi... | E | |
| CVE-2014-9099 | Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress al... | E | |
| CVE-2014-9100 | Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows re... | E | |
| CVE-2014-9101 | Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and... | E | |
| CVE-2014-9102 | Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote... | E | |
| CVE-2014-9103 | Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla!... | E S | |
| CVE-2014-9104 | Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client ... | E | |
| CVE-2014-9112 | Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers ... | E | |
| CVE-2014-9113 | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permission... | E | |
| CVE-2014-9114 | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.... | S | |
| CVE-2014-9115 | SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo... | E S | |
| CVE-2014-9116 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the begi... | E | |
| CVE-2014-9117 | MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which a... | | |
| CVE-2014-9118 | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to ex... | E | |
| CVE-2014-9119 | Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpr... | E | |
| CVE-2014-9120 | Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inje... | | |
| CVE-2014-9126 | Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remot... | E | |
| CVE-2014-9127 | Open-School Community Edition 2.2 does not properly restrict access to the export functionality, whi... | E | |
| CVE-2014-9129 | Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin bef... | E | |
| CVE-2014-9130 | scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, all... | E | |
| CVE-2014-9134 | Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C0... | | |
| CVE-2014-9135 | The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attack... | | |
| CVE-2014-9136 | Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remot... | | |
| CVE-2014-9137 | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with softw... | | |
| CVE-2014-9140 | Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote a... | E S | |
| CVE-2014-9141 | The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connec... | E | |
| CVE-2014-9142 | Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allow... | E | |
| CVE-2014-9143 | Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote atta... | E | |
| CVE-2014-9144 | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary comm... | E | |
| CVE-2014-9145 | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitra... | E | |
| CVE-2014-9146 | Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to in... | E | |
| CVE-2014-9147 | Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the... | E | |
| CVE-2014-9148 | Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) ... | E | |
| CVE-2014-9150 | Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 o... | S | |
| CVE-2014-9151 | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentic... | | |
| CVE-2014-9152 | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a ... | | |
| CVE-2014-9153 | Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal a... | | |
| CVE-2014-9154 | The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or ... | S | |
| CVE-2014-9155 | Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x b... | S | |
| CVE-2014-9156 | The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view ... | | |
| CVE-2014-9157 | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote a... | E | |
| CVE-2014-9158 | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attac... | | |
| CVE-2014-9159 | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o... | | |
| CVE-2014-9160 | Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before... | S | |
| CVE-2014-9161 | CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and... | | |
| CVE-2014-9162 | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and... | | |
| CVE-2014-9163 | Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.... | KEV | |
| CVE-2014-9164 | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and... | | |
| CVE-2014-9165 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10... | | |
| CVE-2014-9166 | Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of se... | S | |
| CVE-2014-9167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9169 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9170 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9172 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9173 | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPres... | E | |
| CVE-2014-9174 | Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-word... | | |
| CVE-2014-9175 | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for Wor... | E | |
| CVE-2014-9176 | Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress... | E | |
| CVE-2014-9177 | The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to o... | E S | |
| CVE-2014-9178 | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & ... | E | |
| CVE-2014-9179 | Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress... | E | |
| CVE-2014-9180 | Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to ar... | E | |
| CVE-2014-9181 | Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attack... | E S | |
| CVE-2014-9182 | models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary heade... | E | |
| CVE-2014-9183 | ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attacker... | | |
| CVE-2014-9184 | ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.c... | E | |
| CVE-2014-9185 | Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated use... | E | |
| CVE-2014-9186 | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before ... | | |
| CVE-2014-9187 | Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions pri... | M | |
| CVE-2014-9188 | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 all... | S | |
| CVE-2014-9189 | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versio... | M | |
| CVE-2014-9190 | Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and... | | |
| CVE-2014-9191 | The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows phy... | | |
| CVE-2014-9192 | Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x... | | |
| CVE-2014-9193 | Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins... | | |
| CVE-2014-9194 | Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption)... | | |
| CVE-2014-9195 | Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers ... | E | |
| CVE-2014-9196 | Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLU... | | |
| CVE-2014-9197 | The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.ja... | S | |
| CVE-2014-9198 | The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 ... | S | |
| CVE-2014-9199 | The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credenti... | | |
| CVE-2014-9200 | Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electri... | | |
| CVE-2014-9201 | Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6... | | |
| CVE-2014-9202 | Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_2... | | |
| CVE-2014-9203 | Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DT... | | |
| CVE-2014-9204 | Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allo... | | |
| CVE-2014-9205 | Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration applicati... | | |
| CVE-2014-9206 | Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric In... | | |
| CVE-2014-9207 | Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before Ultimate... | | |
| CVE-2014-9208 | Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 a... | E | |
| CVE-2014-9209 | Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryT... | | |
| CVE-2014-9210 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9211 | ClickDesk version 4.3 and below has persistent cross site scripting... | E | |
| CVE-2014-9212 | Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Cust... | E | |
| CVE-2014-9215 | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.... | E | |
| CVE-2014-9217 | Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.... | E S | |
| CVE-2014-9218 | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x befor... | E | |
| CVE-2014-9219 | Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x b... | E | |
| CVE-2014-9220 | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attac... | S | |
| CVE-2014-9221 | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (in... | | |
| CVE-2014-9222 | AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and... | | |
| CVE-2014-9223 | Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other... | | |
| CVE-2014-9224 | Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in ... | | |
| CVE-2014-9225 | The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 thr... | | |
| CVE-2014-9226 | The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec D... | | |
| CVE-2014-9227 | Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protect... | | |
| CVE-2014-9228 | sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows loc... | | |
| CVE-2014-9229 | Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec... | | |
| CVE-2014-9230 | Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Syma... | | |
| CVE-2014-9231 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9232 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9233 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9234 | Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmwa... | E | |
| CVE-2014-9235 | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow r... | E | |
| CVE-2014-9236 | Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) ... | E | |
| CVE-2014-9237 | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrar... | E | |
| CVE-2014-9238 | D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation pat... | E | |
| CVE-2014-9239 | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invi... | E S | |
| CVE-2014-9240 | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows re... | E S | |
| CVE-2014-9241 | Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2... | E S | |
| CVE-2014-9242 | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers ... | E | |
| CVE-2014-9243 | Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to ... | E | |
| CVE-2014-9244 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9245 | Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a... | | |
| CVE-2014-9246 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9385, CVE-2014-9386. Reaso... | R | |
| CVE-2014-9247 | Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account,... | | |
| CVE-2014-9248 | Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote at... | | |
| CVE-2014-9249 | The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database... | | |
| CVE-2014-9250 | Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authe... | | |
| CVE-2014-9251 | Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for cont... | | |
| CVE-2014-9252 | Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow l... | | |
| CVE-2014-9253 | The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki bef... | S | |
| CVE-2014-9254 | bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows r... | E | |
| CVE-2014-9258 | SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authent... | E S | |
| CVE-2014-9260 | The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote ... | E | |
| CVE-2014-9261 | The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory travers... | E | |
| CVE-2014-9262 | The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and dow... | E | |
| CVE-2014-9263 | Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocket... | | |
| CVE-2014-9264 | Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to... | | |
| CVE-2014-9265 | Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung Sma... | | |
| CVE-2014-9266 | The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which ... | | |
| CVE-2014-9267 | Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arb... | | |
| CVE-2014-9268 | The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows re... | S | |
| CVE-2014-9269 | Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before ... | | |
| CVE-2014-9270 | Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in ... | | |
| CVE-2014-9271 | Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remot... | E S | |
| CVE-2014-9272 | The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly va... | | |
| CVE-2014-9273 | lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges... | E S | |
| CVE-2014-9274 | UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary co... | E | |
| CVE-2014-9275 | UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) a... | | |
| CVE-2014-9276 | Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki b... | S | |
| CVE-2014-9277 | The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.... | E S | |
| CVE-2014-9278 | The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos ... | | |
| CVE-2014-9279 | The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x bef... | | |
| CVE-2014-9280 | The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allo... | E | |
| CVE-2014-9281 | Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows re... | | |
| CVE-2014-9282 | Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and ... | | |
| CVE-2014-9283 | The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPT... | | |
| CVE-2014-9284 | The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WH... | | |
| CVE-2014-9285 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9286 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9287 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9288 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9289 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9290 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9291 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9292 | Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earl... | E | |
| CVE-2014-9293 | The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, imprope... | E | |
| CVE-2014-9294 | util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier ... | E | |
| CVE-2014-9295 | Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute ... | E | |
| CVE-2014-9296 | The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting... | E | |
| CVE-2014-9297 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reaso... | R | |
| CVE-2014-9298 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reaso... | R | |
| CVE-2014-9299 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8870. Reason: This candida... | R | |
| CVE-2014-9300 | Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Int... | E | |
| CVE-2014-9301 | Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition ... | E | |
| CVE-2014-9302 | Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management In... | E | |
| CVE-2014-9303 | EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtai... | E | |
| CVE-2014-9304 | Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct... | E | |
| CVE-2014-9305 | SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the C... | E S | |
| CVE-2014-9308 | Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the ... | E S | |
| CVE-2014-9310 | Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for Wo... | | |
| CVE-2014-9311 | Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for W... | E S | |
| CVE-2014-9312 | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.... | E | |
| CVE-2014-9316 | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, ... | | |
| CVE-2014-9317 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, a... | | |
| CVE-2014-9318 | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.... | | |
| CVE-2014-9319 | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.... | | |
| CVE-2014-9320 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_T... | S | |
| CVE-2014-9322 | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associa... | E S | |
| CVE-2014-9323 | The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote att... | E | |
| CVE-2014-9324 | The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.... | | |
| CVE-2014-9325 | Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject ... | E | |
| CVE-2014-9326 | The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AF... | | |
| CVE-2014-9328 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer f... | | |
| CVE-2014-9330 | Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a de... | | |
| CVE-2014-9331 | Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build ... | E S | |
| CVE-2014-9334 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordP... | E | |
| CVE-2014-9335 | Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and ... | E | |
| CVE-2014-9336 | Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier f... | E | |
| CVE-2014-9337 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin... | E | |
| CVE-2014-9338 | Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier f... | E | |
| CVE-2014-9339 | Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier... | E | |
| CVE-2014-9340 | Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earli... | E | |
| CVE-2014-9341 | Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlie... | E | |
| CVE-2014-9342 | Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Secur... | | |
| CVE-2014-9343 | Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0... | E | |
| CVE-2014-9344 | Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers... | E S | |
| CVE-2014-9345 | SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 ... | E | |
| CVE-2014-9346 | Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before... | S | |
| CVE-2014-9347 | SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute... | E | |
| CVE-2014-9348 | SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.... | E | |
| CVE-2014-9349 | Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow ... | E | |
| CVE-2014-9350 | TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 ... | E | |
| CVE-2014-9351 | engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and ... | S | |
| CVE-2014-9352 | Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access... | | |
| CVE-2014-9353 | NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote a... | | |
| CVE-2014-9354 | NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspeci... | | |
| CVE-2014-9355 | Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate... | | |
| CVE-2014-9356 | Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary fi... | | |
| CVE-2014-9357 | Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1... | | |
| CVE-2014-9358 | Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct p... | | |
| CVE-2014-9360 | XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows re... | | |
| CVE-2014-9361 | The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized us... | S | |
| CVE-2014-9362 | Cross-site scripting (XSS) vulnerability in the path-based meta tag editing form in the Meta tags qu... | S | |
| CVE-2014-9363 | Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.... | S | |
| CVE-2014-9364 | Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1... | S | |
| CVE-2014-9365 | The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython... | E | |
| CVE-2014-9367 | Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.... | E | |
| CVE-2014-9368 | Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPr... | E | |
| CVE-2014-9369 | Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a... | | |
| CVE-2014-9371 | The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to exe... | | |
| CVE-2014-9372 | Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Ma... | | |
| CVE-2014-9373 | Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow An... | | |
| CVE-2014-9374 | Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Sourc... | S | |
| CVE-2014-9375 | Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Ente... | | |
| CVE-2014-9376 | Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bou... | | |
| CVE-2014-9377 | Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Etterca... | | |
| CVE-2014-9378 | Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a den... | | |
| CVE-2014-9379 | The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect ... | | |
| CVE-2014-9380 | The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause... | | |
| CVE-2014-9381 | Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allo... | S | |
| CVE-2014-9382 | Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation... | E | |
| CVE-2014-9385 | Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attack... | | |
| CVE-2014-9386 | Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it e... | | |
| CVE-2014-9387 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_T... | | |
| CVE-2014-9388 | bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the ... | | |
| CVE-2014-9389 | Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attac... | S | |
| CVE-2014-9390 | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2... | S | |
| CVE-2014-9391 | Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier ... | E | |
| CVE-2014-9392 | Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.... | E | |
| CVE-2014-9393 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and ear... | E | |
| CVE-2014-9394 | Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier ... | E | |
| CVE-2014-9395 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier ... | E | |
| CVE-2014-9396 | Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earl... | E | |
| CVE-2014-9397 | Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote a... | E | |
| CVE-2014-9398 | Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for... | E | |
| CVE-2014-9399 | Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPr... | E | |
| CVE-2014-9400 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plu... | E | |
| CVE-2014-9401 | Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and e... | E | |
| CVE-2014-9402 | The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS ba... | E | |
| CVE-2014-9403 | The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenti... | | |
| CVE-2014-9404 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5005. Reason: This candidate... | R | |
| CVE-2014-9405 | A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item o... | E | |
| CVE-2014-9406 | ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default pass... | | |
| CVE-2014-9407 | Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow rem... | S | |
| CVE-2014-9408 | Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.... | E | |
| CVE-2014-9410 | The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver f... | | |
| CVE-2014-9411 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of... | | |
| CVE-2014-9412 | Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 all... | E | |
| CVE-2014-9413 | Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.... | E S | |
| CVE-2014-9414 | The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which ... | E | |
| CVE-2014-9415 | Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program ex... | S | |
| CVE-2014-9416 | Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow loc... | | |
| CVE-2014-9417 | The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a deni... | | |
| CVE-2014-9418 | The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C0... | | |
| CVE-2014-9419 | The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not... | | |
| CVE-2014-9420 | The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict t... | | |
| CVE-2014-9421 | The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) thro... | | |
| CVE-2014-9422 | The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb... | | |
| CVE-2014-9423 | The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1... | | |
| CVE-2014-9424 | Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSS... | | |
| CVE-2014-9425 | Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zen... | | |
| CVE-2014-9426 | The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4... | | |
| CVE-2014-9427 | sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x thro... | E | |
| CVE-2014-9428 | The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. impleme... | S | |
| CVE-2014-9429 | Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remo... | E | |
| CVE-2014-9430 | Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Expres... | E | |
| CVE-2014-9431 | Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 all... | E | |
| CVE-2014-9432 | Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Sere... | E | |
| CVE-2014-9433 | Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9... | E | |
| CVE-2014-9434 | Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend i... | E | |
| CVE-2014-9435 | Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to ex... | E | |
| CVE-2014-9436 | Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to ... | E | |
| CVE-2014-9437 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 f... | E | |
| CVE-2014-9438 | Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 al... | E | |
| CVE-2014-9439 | Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers... | E | |
| CVE-2014-9440 | SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute a... | E | |
| CVE-2014-9441 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 ... | E | |
| CVE-2014-9442 | SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word... | E S | |
| CVE-2014-9443 | Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows ... | S | |
| CVE-2014-9444 | Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows ... | E | |
| CVE-2014-9445 | SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remo... | E | |
| CVE-2014-9446 | Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.... | E S | |
| CVE-2014-9447 | Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils ... | | |
| CVE-2014-9448 | Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execut... | E | |
| CVE-2014-9449 | Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows rem... | | |
| CVE-2014-9450 | Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0... | | |
| CVE-2014-9451 | Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENS... | E | |
| CVE-2014-9452 | Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attacke... | E | |
| CVE-2014-9453 | Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor... | E | |
| CVE-2014-9454 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before... | E S | |
| CVE-2014-9455 | SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote atta... | E | |
| CVE-2014-9456 | Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Tim... | E | |
| CVE-2014-9457 | SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote... | E | |
| CVE-2014-9458 | Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix ... | | |
| CVE-2014-9459 | Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.ph... | | |
| CVE-2014-9460 | Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 fo... | E | |
| CVE-2014-9461 | Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for Wo... | E | |
| CVE-2014-9462 | The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute a... | E | |
| CVE-2014-9463 | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to exec... | E | |
| CVE-2014-9464 | SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote att... | E | |
| CVE-2014-9465 | senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (... | E | |
| CVE-2014-9466 | Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before... | | |
| CVE-2014-9468 | Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1... | | |
| CVE-2014-9469 | Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and ... | | |
| CVE-2014-9470 | Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions... | E S | |
| CVE-2014-9471 | The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (c... | E | |
| CVE-2014-9472 | The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.1... | | |
| CVE-2014-9473 | Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier fo... | | |
| CVE-2014-9474 | Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent a... | | |
| CVE-2014-9475 | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.... | | |
| CVE-2014-9476 | MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attacker... | E | |
| CVE-2014-9477 | Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow re... | E | |
| CVE-2014-9478 | Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWi... | E | |
| CVE-2014-9479 | Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWi... | E | |
| CVE-2014-9480 | Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote att... | E | |
| CVE-2014-9481 | The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possi... | S | |
| CVE-2014-9482 | Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote a... | | |
| CVE-2014-9483 | Emacs 24.4 allows remote attackers to bypass security restrictions.... | | |
| CVE-2014-9485 | Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip i... | | |
| CVE-2014-9486 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9447. Reason: This candida... | R | |
| CVE-2014-9487 | The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers t... | | |
| CVE-2014-9488 | The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified ... | | |
| CVE-2014-9489 | The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency... | S | |
| CVE-2014-9490 | The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remot... | | |
| CVE-2014-9491 | The devzvol_readdir function in illumos does not check the return value of a strchr call, which allo... | | |
| CVE-2014-9492 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9323. Reason: This candida... | R | |
| CVE-2014-9493 | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 al... | S | |
| CVE-2014-9494 | RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted... | | |
| CVE-2014-9495 | Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before ... | | |
| CVE-2014-9496 | The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact ... | E S | |
| CVE-2014-9497 | Buffer overflow in mpg123 before 1.18.0.... | | |
| CVE-2014-9498 | Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and... | S | |
| CVE-2014-9499 | Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when ... | S | |
| CVE-2014-9500 | Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows... | S | |
| CVE-2014-9501 | Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for D... | S | |
| CVE-2014-9502 | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open At... | S | |
| CVE-2014-9503 | The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remot... | S | |
| CVE-2014-9504 | The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, a... | S | |
| CVE-2014-9505 | Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 ... | E S | |
| CVE-2014-9506 | MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when... | | |
| CVE-2014-9507 | MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is en... | S | |
| CVE-2014-9508 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and... | E | |
| CVE-2014-9509 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and... | E | |
| CVE-2014-9510 | Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (... | S | |
| CVE-2014-9512 | rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in th... | E | |
| CVE-2014-9513 | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbit... | | |
| CVE-2014-9514 | Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.... | E | |
| CVE-2014-9515 | Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attac... | | |
| CVE-2014-9516 | Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to ... | E | |
| CVE-2014-9517 | Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allo... | E | |
| CVE-2014-9518 | Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmwar... | E | |
| CVE-2014-9519 | SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attack... | | |
| CVE-2014-9520 | SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote atta... | | |
| CVE-2014-9521 | Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, w... | | |
| CVE-2014-9522 | Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote... | E | |
| CVE-2014-9523 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanc... | E | |
| CVE-2014-9524 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-faceboo... | E S | |
| CVE-2014-9525 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugi... | E | |
| CVE-2014-9526 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow r... | E | |
| CVE-2014-9527 | HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infini... | | |
| CVE-2014-9528 | SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/contr... | E | |
| CVE-2014-9529 | Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through ... | S | |
| CVE-2014-9530 | A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has ... | | |
| CVE-2014-9556 | Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a... | E | |
| CVE-2014-9557 | Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2.... | | |
| CVE-2014-9558 | Multiple SQL injection vulnerabilities in SmartCMS v.2.... | | |
| CVE-2014-9559 | Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attacker... | | |
| CVE-2014-9560 | SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to e... | | |
| CVE-2014-9561 | Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote a... | | |
| CVE-2014-9562 | Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows ... | | |
| CVE-2014-9563 | CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) O... | | |
| CVE-2014-9564 | CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Swit... | | |
| CVE-2014-9565 | Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 4... | | |
| CVE-2014-9566 | Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx ser... | E | |
| CVE-2014-9567 | Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 thr... | E | |
| CVE-2014-9568 | puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, ... | | |
| CVE-2014-9569 | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML... | E | |
| CVE-2014-9570 | Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1... | E | |
| CVE-2014-9571 | Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x be... | E | |
| CVE-2014-9572 | MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install... | | |
| CVE-2014-9573 | SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0... | E | |
| CVE-2014-9574 | Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to i... | E | |
| CVE-2014-9575 | VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, a... | E | |
| CVE-2014-9576 | VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Po... | E | |
| CVE-2014-9577 | VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows ... | E | |
| CVE-2014-9578 | VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a ... | E | |
| CVE-2014-9579 | VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allow... | E | |
| CVE-2014-9580 | Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers... | E | |
| CVE-2014-9581 | Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remo... | E | |
| CVE-2014-9582 | Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows... | E | |
| CVE-2014-9583 | common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versio... | E | |
| CVE-2014-9584 | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 do... | S | |
| CVE-2014-9585 | The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly c... | E | |
| CVE-2014-9587 | Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow r... | S | |
| CVE-2014-9588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9590 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9591 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9592 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2014-9593 | Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys... | | |
| CVE-2014-9594 | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows rem... | | |
| CVE-2014-9595 | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows rem... | | |
| CVE-2014-9596 | Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi ... | | |
| CVE-2014-9597 | The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows re... | | |
| CVE-2014-9598 | The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote atta... | | |
| CVE-2014-9599 | Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remot... | E S | |
| CVE-2014-9600 | Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute ar... | E | |
| CVE-2014-9601 | Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk... | | |
| CVE-2014-9602 | libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that... | | |
| CVE-2014-9603 | The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relati... | | |
| CVE-2014-9604 | libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, wh... | | |
| CVE-2014-9605 | WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote att... | E S | |
| CVE-2014-9606 | Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9,... | | |
| CVE-2014-9607 | Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and... | | |
| CVE-2014-9608 | Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper befo... | | |
| CVE-2014-9609 | Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.... | | |
| CVE-2014-9610 | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypa... | E | |
| CVE-2014-9611 | Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accoun... | E | |
| CVE-2014-9612 | SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x b... | | |
| CVE-2014-9613 | Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to exec... | | |
| CVE-2014-9614 | The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account... | | |
| CVE-2014-9615 | Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbit... | | |
| CVE-2014-9616 | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obta... | | |
| CVE-2014-9617 | Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows re... | | |
| CVE-2014-9618 | The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1... | E | |
| CVE-2014-9619 | Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper... | E | |
| CVE-2014-9620 | The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a ... | | |
| CVE-2014-9621 | The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a ... | | |
| CVE-2014-9622 | Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identi... | E | |
| CVE-2014-9623 | OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users ... | E | |
| CVE-2014-9624 | CAPTCHA bypass vulnerability in MantisBT before 1.2.19.... | | |
| CVE-2014-9625 | The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6... | S | |
| CVE-2014-9626 | Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC m... | S | |
| CVE-2014-9627 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.... | S | |
| CVE-2014-9628 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.... | S | |
| CVE-2014-9629 | Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player... | S | |
| CVE-2014-9630 | The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player b... | S | |
| CVE-2014-9632 | The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before ... | E | |
| CVE-2014-9633 | The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via... | E | |
| CVE-2014-9634 | Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or la... | S | |
| CVE-2014-9635 | Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when ... | S | |
| CVE-2014-9636 | unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and cras... | S | |
| CVE-2014-9637 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption... | S | |
| CVE-2014-9638 | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero er... | E | |
| CVE-2014-9639 | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of servic... | E | |
| CVE-2014-9640 | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-b... | | |
| CVE-2014-9641 | The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximu... | E | |
| CVE-2014-9642 | bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before ... | E | |
| CVE-2014-9643 | K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.25... | E | |
| CVE-2014-9644 | The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules... | S | |
| CVE-2014-9645 | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass ... | S | |
| CVE-2014-9646 | Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperation... | | |
| CVE-2014-9647 | Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote ... | | |
| CVE-2014-9648 | components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before... | | |
| CVE-2014-9649 | Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x be... | | |
| CVE-2014-9650 | CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 a... | | |
| CVE-2014-9651 | Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attacke... | | |
| CVE-2014-9652 | The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP b... | | |
| CVE-2014-9653 | readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before ... | | |
| CVE-2014-9654 | The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-... | | |
| CVE-2014-9655 | The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c... | | |
| CVE-2014-9656 | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly ... | E | |
| CVE-2014-9657 | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a m... | E S | |
| CVE-2014-9658 | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minim... | E S | |
| CVE-2014-9659 | cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional h... | E S | |
| CVE-2014-9660 | The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a m... | E S | |
| CVE-2014-9661 | type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without... | E | |
| CVE-2014-9662 | cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functio... | E | |
| CVE-2014-9663 | The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length ... | E S | |
| CVE-2014-9664 | FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which a... | E S | |
| CVE-2014-9665 | The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and... | E | |
| CVE-2014-9666 | The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to... | E S | |
| CVE-2014-9667 | sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting ... | E | |
| CVE-2014-9668 | The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length ca... | E | |
| CVE-2014-9669 | Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause... | E S | |
| CVE-2014-9670 | Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType be... | E S | |
| CVE-2014-9671 | Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows... | E S | |
| CVE-2014-9672 | Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote ... | E S | |
| CVE-2014-9673 | Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before ... | E | |
| CVE-2014-9674 | The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding t... | E S | |
| CVE-2014-9675 | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial su... | E | |
| CVE-2014-9676 | The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the... | E | |
| CVE-2014-9677 | Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows rem... | | |
| CVE-2014-9678 | FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing at... | | |
| CVE-2014-9679 | Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allow... | | |
| CVE-2014-9680 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo fi... | E | |
| CVE-2014-9681 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
| CVE-2014-9682 | The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary... | | |
| CVE-2014-9683 | Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCrypt... | | |
| CVE-2014-9684 | OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly rem... | E | |
| CVE-2014-9685 | Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x bef... | S | |
| CVE-2014-9686 | The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-doma... | E | |
| CVE-2014-9687 | eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier ... | E | |
| CVE-2014-9688 | Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact a... | | |
| CVE-2014-9689 | content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.7... | | |
| CVE-2014-9690 | Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PI... | | |
| CVE-2014-9691 | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH... | | |
| CVE-2014-9692 | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH... | | |
| CVE-2014-9693 | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH... | | |
| CVE-2014-9694 | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH... | | |
| CVE-2014-9695 | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earli... | | |
| CVE-2014-9696 | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earli... | | |
| CVE-2014-9697 | Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or ... | | |
| CVE-2014-9699 | The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apach... | | |
| CVE-2014-9701 | Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 all... | S | |
| CVE-2014-9702 | system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allo... | E | |
| CVE-2014-9705 | Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in P... | E | |
| CVE-2014-9706 | The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to ex... | E | |
| CVE-2014-9707 | EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot)... | E | |
| CVE-2014-9708 | Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of serv... | E S | |
| CVE-2014-9709 | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x... | E | |
| CVE-2014-9710 | The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr stat... | S | |
| CVE-2014-9711 | Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON ... | E | |
| CVE-2014-9712 | Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote a... | | |
| CVE-2014-9713 | The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows re... | | |
| CVE-2014-9714 | Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka th... | E | |
| CVE-2014-9715 | include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.... | | |
| CVE-2014-9716 | Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject ar... | S | |
| CVE-2014-9717 | fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without ve... | | |
| CVE-2014-9718 | The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have mu... | | |
| CVE-2014-9720 | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with ... | S | |
| CVE-2014-9721 | libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and ... | | |
| CVE-2014-9727 | AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the ... | E | |
| CVE-2014-9728 | The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain length... | | |
| CVE-2014-9729 | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a ce... | | |
| CVE-2014-9730 | The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on componen... | | |
| CVE-2014-9731 | The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is av... | | |
| CVE-2014-9732 | The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression... | E | |
| CVE-2014-9733 | nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers ... | | |
| CVE-2014-9734 | Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPre... | E | |
| CVE-2014-9735 | The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plug... | E | |
| CVE-2014-9736 | GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit ... | | |
| CVE-2014-9737 | Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drup... | S | |
| CVE-2014-9738 | Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 ... | S | |
| CVE-2014-9739 | Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal... | S | |
| CVE-2014-9740 | Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal ... | S | |
| CVE-2014-9741 | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, a... | S | |
| CVE-2014-9742 | The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a s... | | |
| CVE-2014-9743 | Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the w... | E | |
| CVE-2014-9744 | Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory co... | S | |
| CVE-2014-9745 | The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to ca... | | |
| CVE-2014-9746 | The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/c... | | |
| CVE-2014-9747 | The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly upda... | | |
| CVE-2014-9748 | The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does no... | S | |
| CVE-2014-9749 | Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remo... | | |
| CVE-2014-9750 | ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remot... | S | |
| CVE-2014-9751 | The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X doe... | S | |
| CVE-2014-9752 | Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before ... | | |
| CVE-2014-9753 | confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain acce... | E S | |
| CVE-2014-9754 | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does no... | | |
| CVE-2014-9755 | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does no... | | |
| CVE-2014-9756 | The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (di... | E S | |
| CVE-2014-9757 | The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.... | S | |
| CVE-2014-9758 | Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.... | E | |
| CVE-2014-9759 | Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1... | S | |
| CVE-2014-9760 | Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allo... | S | |
| CVE-2014-9761 | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow co... | | |
| CVE-2014-9762 | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a ... | | |
| CVE-2014-9763 | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and a... | | |
| CVE-2014-9764 | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a ... | | |
| CVE-2014-9765 | Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows ... | | |
| CVE-2014-9766 | Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows r... | S | |
| CVE-2014-9767 | Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP ... | E | |
| CVE-2014-9768 | IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by en... | | |
| CVE-2014-9769 | pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, w... | | |
| CVE-2014-9770 | tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run... | | |
| CVE-2014-9771 | Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory... | | |
| CVE-2014-9772 | The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scri... | E M | |
| CVE-2014-9773 | modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS be... | | |
| CVE-2014-9777 | The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm co... | | |
| CVE-2014-9778 | The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm... | | |
| CVE-2014-9779 | arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on... | | |
| CVE-2014-9780 | drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus ... | | |
| CVE-2014-9781 | Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on... | | |
| CVE-2014-9782 | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in An... | | |
| CVE-2014-9783 | drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android befo... | | |
| CVE-2014-9784 | Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android ... | | |
| CVE-2014-9785 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) dev... | | |
| CVE-2014-9786 | Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in... | | |
| CVE-2014-9787 | Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 o... | | |
| CVE-2014-9788 | Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-... | S | |
| CVE-2014-9789 | The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm compone... | S | |
| CVE-2014-9790 | drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 ... | | |
| CVE-2014-9791 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0196. Reason: This candida... | R | |
| CVE-2014-9792 | arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 de... | | |
| CVE-2014-9793 | platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) ... | | |
| CVE-2014-9794 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0973. Reason: This candida... | R | |
| CVE-2014-9795 | app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does no... | | |
| CVE-2014-9796 | app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) de... | | |
| CVE-2014-9797 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0974. Reason: This candida... | R | |
| CVE-2014-9798 | platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 de... | | |
| CVE-2014-9799 | The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices... | | |
| CVE-2014-9800 | Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus... | | |
| CVE-2014-9801 | Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-... | | |
| CVE-2014-9802 | Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-... | | |
| CVE-2014-9803 | arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Andro... | S | |
| CVE-2014-9804 | vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vec... | S | |
| CVE-2014-9805 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application... | S | |
| CVE-2014-9806 | ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a... | S | |
| CVE-2014-9807 | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via ... | S | |
| CVE-2014-9808 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application... | S | |
| CVE-2014-9809 | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application... | S | |
| CVE-2014-9810 | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentati... | S | |
| CVE-2014-9811 | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentati... | S | |
| CVE-2014-9812 | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a cr... | S | |
| CVE-2014-9813 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted v... | S | |
| CVE-2014-9814 | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a cr... | S | |
| CVE-2014-9815 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted w... | S | |
| CVE-2014-9816 | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafte... | S | |
| CVE-2014-9817 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9818 | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malfor... | S | |
| CVE-2014-9819 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9820 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9821 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9822 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9823 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9824 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9825 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a c... | S | |
| CVE-2014-9826 | ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling... | S | |
| CVE-2014-9827 | coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm fil... | S | |
| CVE-2014-9828 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd fil... | S | |
| CVE-2014-9829 | coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds acce... | S | |
| CVE-2014-9830 | coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun f... | S | |
| CVE-2014-9831 | coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg f... | S | |
| CVE-2014-9832 | Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.... | | |
| CVE-2014-9833 | Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.... | | |
| CVE-2014-9834 | Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.... | | |
| CVE-2014-9835 | Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.... | | |
| CVE-2014-9836 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.... | | |
| CVE-2014-9837 | coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of se... | S | |
| CVE-2014-9838 | magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).... | | |
| CVE-2014-9839 | magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of servic... | | |
| CVE-2014-9840 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via ... | | |
| CVE-2014-9841 | The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have un... | S | |
| CVE-2014-9842 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attac... | S | |
| CVE-2014-9843 | The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have ... | S | |
| CVE-2014-9844 | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a ... | S | |
| CVE-2014-9845 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial o... | S | |
| CVE-2014-9846 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote at... | S | |
| CVE-2014-9847 | The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.... | S | |
| CVE-2014-9848 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption)... | S | |
| CVE-2014-9849 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).... | S | |
| CVE-2014-9850 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource co... | S | |
| CVE-2014-9851 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).... | S | |
| CVE-2014-9852 | distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remot... | S | |
| CVE-2014-9853 | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (mem... | S | |
| CVE-2014-9854 | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash... | S | |
| CVE-2014-9862 | Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and... | | |
| CVE-2014-9863 | Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexu... | S | |
| CVE-2014-9864 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (201... | S | |
| CVE-2014-9865 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (201... | S | |
| CVE-2014-9866 | drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android be... | S | |
| CVE-2014-9867 | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android be... | S | |
| CVE-2014-9868 | drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Androi... | S | |
| CVE-2014-9869 | drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android ... | S | |
| CVE-2014-9870 | The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7... | S | |
| CVE-2014-9871 | Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm... | S | |
| CVE-2014-9872 | The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ... | S | |
| CVE-2014-9873 | Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-... | S | |
| CVE-2014-9874 | Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2... | S | |
| CVE-2014-9875 | drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (201... | S | |
| CVE-2014-9876 | drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, ... | S | |
| CVE-2014-9877 | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in An... | S | |
| CVE-2014-9878 | drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5... | S | |
| CVE-2014-9879 | The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does... | S | |
| CVE-2014-9880 | drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on ... | S | |
| CVE-2014-9881 | drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 ... | S | |
| CVE-2014-9882 | Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 201... | S | |
| CVE-2014-9883 | Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-0... | S | |
| CVE-2014-9884 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (201... | S | |
| CVE-2014-9885 | Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android b... | S | |
| CVE-2014-9886 | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 o... | S | |
| CVE-2014-9887 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (201... | S | |
| CVE-2014-9888 | arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android befor... | S | |
| CVE-2014-9889 | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android befor... | S | |
| CVE-2014-9890 | Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm compon... | S | |
| CVE-2014-9891 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices do... | S | |
| CVE-2014-9892 | The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as u... | S | |
| CVE-2014-9893 | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexu... | S | |
| CVE-2014-9894 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) dev... | S | |
| CVE-2014-9895 | drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 o... | S | |
| CVE-2014-9896 | drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (201... | S | |
| CVE-2014-9897 | sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Ne... | S | |
| CVE-2014-9898 | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 o... | S | |
| CVE-2014-9899 | drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devi... | S | |
| CVE-2014-9900 | The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Andro... | S | |
| CVE-2014-9901 | The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snp... | S | |
| CVE-2014-9902 | Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android be... | S | |
| CVE-2014-9903 | The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses... | | |
| CVE-2014-9904 | The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the ... | S | |
| CVE-2014-9905 | Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow r... | S | |
| CVE-2014-9906 | Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of servic... | S | |
| CVE-2014-9907 | coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS f... | S | |
| CVE-2014-9908 | A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows mal... | S | |
| CVE-2014-9909 | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious ... | | |
| CVE-2014-9910 | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious ... | | |
| CVE-2014-9911 | Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in Inte... | S | |
| CVE-2014-9912 | The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.... | S | |
| CVE-2014-9913 | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers t... | | |
| CVE-2014-9914 | Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel be... | S | |
| CVE-2014-9915 | Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service ... | | |
| CVE-2014-9916 | Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inj... | E | |
| CVE-2014-9917 | An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag vi... | E | |
| CVE-2014-9918 | An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php... | E | |
| CVE-2014-9919 | An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.ph... | E | |
| CVE-2014-9920 | Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Con... | | |
| CVE-2014-9921 | Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructiv... | | |
| CVE-2014-9922 | The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a l... | S | |
| CVE-2014-9923 | In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size ... | S | |
| CVE-2014-9924 | In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error... | S | |
| CVE-2014-9925 | In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size ... | S | |
| CVE-2014-9926 | In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability coul... | S | |
| CVE-2014-9927 | In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size ... | S | |
| CVE-2014-9928 | In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Siz... | S | |
| CVE-2014-9929 | In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offs... | S | |
| CVE-2014-9930 | In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability cou... | S | |
| CVE-2014-9931 | A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentia... | S | |
| CVE-2014-9932 | In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from C... | S | |
| CVE-2014-9933 | Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can wr... | S | |
| CVE-2014-9934 | A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel... | S | |
| CVE-2014-9935 | In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur ... | S | |
| CVE-2014-9936 | In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication... | S | |
| CVE-2014-9937 | In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android r... | S | |
| CVE-2014-9938 | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 varia... | E S | |
| CVE-2014-9939 | ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel... | S | |
| CVE-2014-9940 | The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 all... | S | |
| CVE-2014-9941 | In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check... | S | |
| CVE-2014-9942 | In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vul... | S | |
| CVE-2014-9943 | In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference v... | S | |
| CVE-2014-9944 | In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overfl... | S | |
| CVE-2014-9945 | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vuln... | S | |
| CVE-2014-9946 | In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerabili... | S | |
| CVE-2014-9947 | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulner... | S | |
| CVE-2014-9948 | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Arra... | S | |
| CVE-2014-9949 | In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereferen... | S | |
| CVE-2014-9950 | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vu... | S | |
| CVE-2014-9951 | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Throug... | S | |
| CVE-2014-9952 | In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay ... | S | |
| CVE-2014-9953 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers... | | |
| CVE-2014-9954 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers... | | |
| CVE-2014-9955 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers... | | |
| CVE-2014-9956 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers... | | |
| CVE-2014-9957 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers... | | |
| CVE-2014-9958 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers... | | |
| CVE-2014-9959 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers... | | |
| CVE-2014-9960 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in t... | | |
| CVE-2014-9961 | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection ex... | | |
| CVE-2014-9962 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a ... | | |
| CVE-2014-9963 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in W... | | |
| CVE-2014-9964 | In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in... | | |
| CVE-2014-9965 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an... | | |
| CVE-2014-9966 | In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race C... | | |
| CVE-2014-9967 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerabil... | | |
| CVE-2014-9968 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vu... | | |
| CVE-2014-9969 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may u... | | |
| CVE-2014-9970 | jasypt before 1.9.2 allows a timing attack against the password hash comparison.... | S | |
| CVE-2014-9971 | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts ca... | | |
| CVE-2014-9972 | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts ca... | | |
| CVE-2014-9973 | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buff... | | |
| CVE-2014-9974 | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer... | | |
| CVE-2014-9975 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerabi... | | |
| CVE-2014-9976 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vu... | | |
| CVE-2014-9977 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vu... | | |
| CVE-2014-9978 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vu... | | |
| CVE-2014-9979 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninit... | | |
| CVE-2014-9980 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed ... | | |
| CVE-2014-9981 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in... | | |
| CVE-2014-9982 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2014-9983 | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, incl... | E | |
| CVE-2014-9984 | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the si... | S | |
| CVE-2014-9985 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M,... | | |
| CVE-2014-9986 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap... | | |
| CVE-2014-9987 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap... | | |
| CVE-2014-9988 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap... | | |
| CVE-2014-9989 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-9990 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-9991 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-9992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2014-9993 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap... | | |
| CVE-2014-9994 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an... | | |
| CVE-2014-9995 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an... | | |
| CVE-2014-9996 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 an... | | |
| CVE-2014-9997 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd... | | |
| CVE-2014-9998 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap... | | |
| CVE-2014-9999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently ... | R |