| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
11801 |
CVE-2014-2199 |
200 |
|
+Info |
2014-05-20 |
2016-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. |
|
11802 |
CVE-2014-2188 |
287 |
|
Bypass |
2015-02-26 |
2015-02-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. |
|
11803 |
CVE-2014-2184 |
20 |
|
+Info |
2014-04-29 |
2014-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. |
|
11804 |
CVE-2014-2179 |
20 |
|
|
2014-11-07 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. |
|
11805 |
CVE-2014-2155 |
20 |
|
DoS |
2014-04-19 |
2014-04-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437. |
|
11806 |
CVE-2014-2154 |
399 |
|
DoS |
2014-04-23 |
2014-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP packets, aka Bug ID CSCuf67469. |
|
11807 |
CVE-2014-2143 |
|
|
DoS |
2014-04-04 |
2014-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. |
|
11808 |
CVE-2014-2142 |
|
|
DoS |
2014-04-12 |
2014-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870. |
|
11809 |
CVE-2014-2140 |
|
|
DoS |
2014-04-12 |
2014-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348. |
|
11810 |
CVE-2014-2139 |
|
|
DoS |
2014-04-12 |
2014-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315. |
|
11811 |
CVE-2014-2128 |
287 |
|
Bypass |
2014-04-10 |
2014-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. |
|
11812 |
CVE-2014-2122 |
20 |
|
DoS |
2014-03-18 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999. |
|
11813 |
CVE-2014-2121 |
20 |
|
DoS |
2014-03-18 |
2016-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643. |
|
11814 |
CVE-2014-2078 |
200 |
|
+Info |
2018-04-10 |
2019-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. |
|
11815 |
CVE-2014-2069 |
22 |
|
Dir. Trav. |
2018-04-16 |
2018-05-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. |
|
11816 |
CVE-2014-2064 |
200 |
|
+Info |
2014-10-17 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. |
|
11817 |
CVE-2014-2061 |
310 |
|
|
2014-10-17 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. |
|
11818 |
CVE-2014-2060 |
|
|
|
2014-10-17 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. |
|
11819 |
CVE-2014-2049 |
264 |
|
|
2014-03-14 |
2014-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors. |
|
11820 |
CVE-2014-2037 |
20 |
|
DoS |
2014-11-26 |
2019-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. |
|
11821 |
CVE-2014-2020 |
189 |
|
+Info |
2014-02-18 |
2014-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. |
|
11822 |
CVE-2014-2017 |
93 |
|
Http R.Spl. |
2018-01-18 |
2018-02-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
|
11823 |
CVE-2014-2009 |
200 |
1
|
+Info |
2014-09-12 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. |
|
11824 |
CVE-2014-2004 |
119 |
|
DoS Overflow |
2014-06-16 |
2014-06-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00 through 4.50, SEIL/X2 routers 1.00 through 4.50, SEIL/B1 routers 1.00 through 4.50, SEIL/Turbo routers 1.80 through 2.17, and SEIL/neu 2FE Plus routers 1.80 through 2.17 allows remote attackers to cause a denial of service (session termination or concentrator outage) via a crafted TCP packet. |
|
11825 |
CVE-2014-2001 |
310 |
|
+Info |
2014-06-19 |
2014-06-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. |
|
11826 |
CVE-2014-1991 |
20 |
|
|
2014-05-09 |
2014-05-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
|
11827 |
CVE-2014-1986 |
264 |
|
Bypass |
2014-04-15 |
2014-04-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. |
|
11828 |
CVE-2014-1985 |
20 |
|
|
2014-04-11 |
2017-12-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter). |
|
11829 |
CVE-2014-1976 |
310 |
|
+Info |
2014-03-18 |
2014-03-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
11830 |
CVE-2014-1975 |
22 |
|
Dir. Trav. |
2014-03-18 |
2015-07-30 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. |
|
11831 |
CVE-2014-1973 |
22 |
|
Dir. Trav. |
2014-07-20 |
2015-08-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. |
|
11832 |
CVE-2014-1970 |
22 |
|
Dir. Trav. |
2014-03-20 |
2014-03-20 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. |
|
11833 |
CVE-2014-1969 |
22 |
|
Dir. Trav. |
2014-04-11 |
2014-04-14 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the [email protected] SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. |
|
11834 |
CVE-2014-1967 |
310 |
|
+Info |
2014-02-26 |
2014-02-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
11835 |
CVE-2014-1963 |
|
|
DoS |
2014-02-14 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. |
|
11836 |
CVE-2014-1962 |
200 |
|
+Info |
2014-02-14 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. |
|
11837 |
CVE-2014-1961 |
|
|
+Info |
2014-02-14 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. |
|
11838 |
CVE-2014-1960 |
264 |
|
+Info |
2014-02-14 |
2018-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. |
|
11839 |
CVE-2014-1959 |
264 |
|
Bypass |
2014-03-06 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. |
|
11840 |
CVE-2014-1956 |
|
|
Http R.Spl. |
2014-04-30 |
2014-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
|
11841 |
CVE-2014-1943 |
399 |
|
DoS |
2014-02-18 |
2014-11-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. |
|
11842 |
CVE-2014-1916 |
399 |
|
DoS |
2014-02-07 |
2014-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet. |
|
11843 |
CVE-2014-1910 |
310 |
|
+Info |
2014-02-21 |
2015-11-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
|
11844 |
CVE-2014-1908 |
200 |
|
+Info |
2014-12-29 |
2014-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. |
|
11845 |
CVE-2014-1900 |
200 |
|
Bypass +Info |
2015-05-13 |
2015-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote attackers to bypass authentication and obtain sensitive information via a leading "/./" in a request to en/account/accedit.asp. |
|
11846 |
CVE-2014-1895 |
189 |
|
DoS +Info |
2014-04-01 |
2017-01-06 |
5.8 |
None |
Local Network |
Medium |
Single system |
Partial |
None |
Complete |
|
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read. |
|
11847 |
CVE-2014-1894 |
189 |
|
DoS Overflow |
2014-04-01 |
2017-01-06 |
5.2 |
None |
Local Network |
Medium |
Single system |
None |
None |
Complete |
|
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. |
|
11848 |
CVE-2014-1893 |
189 |
|
DoS Overflow |
2014-04-01 |
2017-01-06 |
5.2 |
None |
Local Network |
Medium |
Single system |
None |
None |
Complete |
|
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. |
|
11849 |
CVE-2014-1892 |
119 |
|
DoS Overflow |
2014-04-01 |
2017-01-06 |
5.2 |
None |
Local Network |
Medium |
Single system |
None |
None |
Complete |
|
Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894. |
|
11850 |
CVE-2014-1891 |
189 |
|
DoS Overflow |
2014-04-01 |
2017-01-06 |
5.2 |
None |
Local Network |
Medium |
Single system |
None |
None |
Complete |
|
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. |
