| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
11451 |
CVE-2014-4639 |
189 |
|
|
2015-01-06 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. |
|
11452 |
CVE-2014-4638 |
200 |
|
+Info |
2015-01-06 |
2016-12-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. |
|
11453 |
CVE-2014-4631 |
287 |
|
Bypass |
2014-12-08 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. |
|
11454 |
CVE-2014-4624 |
264 |
|
|
2014-10-25 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call. |
|
11455 |
CVE-2014-4617 |
20 |
|
DoS |
2014-06-25 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. |
|
11456 |
CVE-2014-4615 |
200 |
|
+Info |
2014-08-19 |
2017-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). |
|
11457 |
CVE-2014-4611 |
20 |
|
DoS Overflow Mem. Corr. |
2014-07-03 |
2018-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715. |
|
11458 |
CVE-2014-4608 |
119 |
|
DoS Overflow Mem. Corr. |
2014-07-03 |
2015-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype." |
|
11459 |
CVE-2014-4577 |
22 |
|
Dir. Trav. |
2014-10-21 |
2014-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. |
|
11460 |
CVE-2014-4496 |
264 |
|
Bypass |
2015-01-30 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. |
|
11461 |
CVE-2014-4491 |
200 |
|
Bypass +Info |
2015-01-30 |
2015-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. |
|
11462 |
CVE-2014-4465 |
20 |
|
Bypass |
2014-12-10 |
2015-02-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. |
|
11463 |
CVE-2014-4462 |
399 |
|
DoS Exec Code Mem. Corr. |
2014-11-18 |
2017-08-28 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. |
|
11464 |
CVE-2014-4458 |
200 |
|
+Info |
2014-11-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
|
11465 |
CVE-2014-4453 |
200 |
|
+Info |
2014-11-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
|
11466 |
CVE-2014-4452 |
399 |
|
DoS Exec Code Mem. Corr. |
2014-11-18 |
2019-07-16 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. |
|
11467 |
CVE-2014-4428 |
310 |
|
|
2014-10-17 |
2017-08-28 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. |
|
11468 |
CVE-2014-4417 |
20 |
|
DoS |
2014-10-17 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. |
|
11469 |
CVE-2014-4378 |
119 |
|
DoS Overflow +Info |
2014-09-18 |
2017-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. |
|
11470 |
CVE-2014-4374 |
|
|
|
2014-09-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
11471 |
CVE-2014-4366 |
255 |
|
+Info |
2014-09-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
|
11472 |
CVE-2014-4363 |
255 |
|
+Info |
2014-09-18 |
2019-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. |
|
11473 |
CVE-2014-4362 |
200 |
|
+Info |
2014-09-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. |
|
11474 |
CVE-2014-4361 |
200 |
|
+Info |
2014-09-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. |
|
11475 |
CVE-2014-4354 |
264 |
|
Bypass |
2014-09-18 |
2017-08-28 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. |
|
11476 |
CVE-2014-4347 |
200 |
|
+Info |
2014-07-16 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. |
|
11477 |
CVE-2014-4342 |
119 |
|
DoS Overflow |
2014-07-20 |
2017-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. |
|
11478 |
CVE-2014-4341 |
119 |
|
DoS Overflow |
2014-07-20 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. |
|
11479 |
CVE-2014-4336 |
77 |
|
Exec Code |
2014-06-22 |
2018-01-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. |
|
11480 |
CVE-2014-4311 |
200 |
1
|
+Info |
2014-11-03 |
2014-11-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. |
|
11481 |
CVE-2014-4306 |
22 |
|
Dir. Trav. |
2014-06-18 |
2014-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. |
|
11482 |
CVE-2014-4277 |
|
|
|
2014-10-15 |
2015-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283. |
|
11483 |
CVE-2014-4271 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect availability via unknown vectors related to Agent. |
|
11484 |
CVE-2014-4268 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. |
|
11485 |
CVE-2014-4266 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. |
|
11486 |
CVE-2014-4265 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. |
|
11487 |
CVE-2014-4264 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. |
|
11488 |
CVE-2014-4260 |
|
|
|
2014-07-17 |
2018-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. |
|
11489 |
CVE-2014-4256 |
|
|
|
2014-07-17 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment. |
|
11490 |
CVE-2014-4253 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM. |
|
11491 |
CVE-2014-4252 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. |
|
11492 |
CVE-2014-4249 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service. |
|
11493 |
CVE-2014-4234 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security. |
|
11494 |
CVE-2014-4229 |
|
|
|
2014-07-17 |
2018-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Data, Domain, and Function Security. |
|
11495 |
CVE-2014-4226 |
|
|
|
2014-07-17 |
2018-10-09 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the PeopleSoft Enterprise FIN Install component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
|
11496 |
CVE-2014-4220 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. |
|
11497 |
CVE-2014-4218 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. |
|
11498 |
CVE-2014-4211 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect integrity via unknown vectors related to Portlet Services. |
|
11499 |
CVE-2014-4210 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. |
|
11500 |
CVE-2014-4202 |
|
|
|
2014-07-17 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services. |
