| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
9751 |
CVE-2014-2415 |
|
|
|
2014-04-15 |
2016-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. |
|
9752 |
CVE-2014-2407 |
|
|
|
2014-04-15 |
2016-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2415, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. |
|
9753 |
CVE-2014-2403 |
|
|
|
2014-04-15 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. |
|
9754 |
CVE-2014-2401 |
|
|
|
2014-04-15 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
|
9755 |
CVE-2014-2386 |
189 |
|
DoS Overflow |
2014-03-25 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow. |
|
9756 |
CVE-2014-2379 |
310 |
|
|
2014-09-05 |
2014-09-08 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. |
|
9757 |
CVE-2014-2377 |
200 |
|
+Info |
2014-09-15 |
2014-09-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. |
|
9758 |
CVE-2014-2368 |
200 |
|
+Info |
2014-07-19 |
2014-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. |
|
9759 |
CVE-2014-2365 |
|
|
|
2014-07-19 |
2014-07-23 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. |
|
9760 |
CVE-2014-2356 |
200 |
|
+Info |
2014-07-30 |
2014-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. |
|
9761 |
CVE-2014-2354 |
255 |
|
|
2014-05-30 |
2014-06-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. |
|
9762 |
CVE-2014-2342 |
20 |
|
DoS |
2014-05-30 |
2014-06-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. |
|
9763 |
CVE-2014-2332 |
20 |
|
|
2015-08-31 |
2015-09-01 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330. |
|
9764 |
CVE-2014-2324 |
22 |
|
Dir. Trav. |
2014-03-14 |
2016-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. |
|
9765 |
CVE-2014-2319 |
310 |
|
+Info |
2014-03-14 |
2014-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack. |
|
9766 |
CVE-2014-2310 |
20 |
|
DoS |
2014-04-17 |
2014-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151. |
|
9767 |
CVE-2014-2301 |
200 |
|
+Info |
2014-05-12 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/. |
|
9768 |
CVE-2014-2284 |
20 |
|
DoS |
2014-03-24 |
2014-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. |
|
9769 |
CVE-2014-2278 |
20 |
|
Exec Code |
2014-10-17 |
2014-10-23 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter. |
|
9770 |
CVE-2014-2276 |
264 |
|
+Info |
2014-03-21 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. |
|
9771 |
CVE-2014-2268 |
264 |
1
|
|
2014-11-15 |
2017-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. |
|
9772 |
CVE-2014-2265 |
264 |
|
Bypass |
2014-03-14 |
2014-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter. |
|
9773 |
CVE-2014-2249 |
352 |
|
CSRF |
2014-03-16 |
2014-03-26 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
9774 |
CVE-2014-2247 |
|
|
|
2014-03-16 |
2014-03-25 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. |
|
9775 |
CVE-2014-2243 |
362 |
|
|
2014-03-01 |
2014-03-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses. |
|
9776 |
CVE-2014-2237 |
264 |
|
Bypass |
2014-04-01 |
2015-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. |
|
9777 |
CVE-2014-2233 |
|
|
|
2014-12-01 |
2014-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors. |
|
9778 |
CVE-2014-2232 |
21 |
|
|
2014-12-01 |
2018-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. |
|
9779 |
CVE-2014-2230 |
|
|
|
2014-10-23 |
2017-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php. |
|
9780 |
CVE-2014-2224 |
254 |
|
Bypass |
2014-12-29 |
2014-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. |
|
9781 |
CVE-2014-2212 |
255 |
|
+Info |
2014-04-01 |
2014-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie. |
|
9782 |
CVE-2014-2209 |
264 |
|
Bypass |
2014-12-28 |
2014-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. |
|
9783 |
CVE-2014-2199 |
200 |
|
+Info |
2014-05-20 |
2016-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. |
|
9784 |
CVE-2014-2188 |
287 |
|
Bypass |
2015-02-26 |
2015-02-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. |
|
9785 |
CVE-2014-2184 |
20 |
|
+Info |
2014-04-29 |
2014-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. |
|
9786 |
CVE-2014-2179 |
20 |
|
|
2014-11-07 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. |
|
9787 |
CVE-2014-2155 |
20 |
|
DoS |
2014-04-19 |
2014-04-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437. |
|
9788 |
CVE-2014-2154 |
399 |
|
DoS |
2014-04-23 |
2014-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP packets, aka Bug ID CSCuf67469. |
|
9789 |
CVE-2014-2143 |
|
|
DoS |
2014-04-04 |
2014-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. |
|
9790 |
CVE-2014-2142 |
|
|
DoS |
2014-04-12 |
2014-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870. |
|
9791 |
CVE-2014-2140 |
|
|
DoS |
2014-04-12 |
2014-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348. |
|
9792 |
CVE-2014-2139 |
|
|
DoS |
2014-04-12 |
2014-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315. |
|
9793 |
CVE-2014-2128 |
287 |
|
Bypass |
2014-04-10 |
2014-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. |
|
9794 |
CVE-2014-2122 |
20 |
|
DoS |
2014-03-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999. |
|
9795 |
CVE-2014-2121 |
20 |
|
DoS |
2014-03-18 |
2016-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643. |
|
9796 |
CVE-2014-2078 |
200 |
|
+Info |
2018-04-10 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. |
|
9797 |
CVE-2014-2069 |
22 |
|
Dir. Trav. |
2018-04-16 |
2018-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. |
|
9798 |
CVE-2014-2064 |
200 |
|
+Info |
2014-10-17 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. |
|
9799 |
CVE-2014-2061 |
310 |
|
|
2014-10-17 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. |
|
9800 |
CVE-2014-2060 |
|
|
|
2014-10-17 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. |
