# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1551 | CVE-2014-9417 | 20 | | DoS | 2014-12-24 | 2014-12-29 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. |
1552 | CVE-2014-9269 | 79 | | XSS | 2015-01-09 | 2017-01-02 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. |
1553 | CVE-2014-9252 | 200 | | +Info | 2014-12-15 | 2016-03-21 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. |
1554 | CVE-2014-9191 | 399 | | DoS | 2015-01-09 | 2016-12-07 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop. |
1555 | CVE-2014-8991 | 264 | | DoS | 2014-11-24 | 2016-11-22 | 2.1 | None | Local | Low | Not required | None | None | Partial |
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. |
1556 | CVE-2014-8889 | 200 | | +Info | 2017-09-25 | 2018-10-09 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. |
1557 | CVE-2014-8834 | 200 | | +Info | 2015-01-30 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. |
1558 | CVE-2014-8833 | 284 | | | 2015-01-30 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. |
1559 | CVE-2014-8827 | 284 | | +Info | 2015-01-30 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. |
1560 | CVE-2014-8733 | 200 | | +Info | 2015-02-10 | 2015-02-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. |
1561 | CVE-2014-8716 | 125 | | DoS | 2017-04-11 | 2017-04-17 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). |
1562 | CVE-2014-8607 | 200 | | +Info | 2015-06-10 | 2015-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command. |
1563 | CVE-2014-8537 | 200 | | +Info | 2014-10-29 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. |
1564 | CVE-2014-8536 | 200 | | +Info | 2014-10-29 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. |
1565 | CVE-2014-8534 | | | DoS | 2014-10-29 | 2014-10-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field. |
1566 | CVE-2014-8529 | 310 | | +Info | 2014-10-29 | 2014-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None |
McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. |
1567 | CVE-2014-8528 | 200 | | +Info | 2014-10-29 | 2014-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None |
McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. |
1568 | CVE-2014-8526 | 200 | | +Info | 2014-10-29 | 2014-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None |
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. |
1569 | CVE-2014-8519 | | | | 2014-10-29 | 2014-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. |
1570 | CVE-2014-8518 | 255 | | | 2014-10-29 | 2014-11-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, use a hard-coded salt, which makes it easier for local users to obtain passwords via a brute force attack. |
1571 | CVE-2014-8476 | 200 | | +Info | 2014-11-13 | 2014-11-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer. |
1572 | CVE-2014-8399 | | | DoS | 2014-10-31 | 2014-11-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. |
1573 | CVE-2014-8335 | 255 | | +Info | 2018-01-05 | 2018-01-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. |
1574 | CVE-2014-8180 | 287 | | DoS Bypass | 2017-06-06 | 2017-06-14 | 2.1 | None | Local | Low | Not required | None | None | Partial |
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. |
1575 | CVE-2014-8136 | 264 | | DoS | 2014-12-19 | 2018-10-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors. |
1576 | CVE-2014-8135 | | | DoS | 2014-12-19 | 2015-01-09 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command. |
1577 | CVE-2014-8134 | 264 | | Bypass | 2014-12-12 | 2017-01-02 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. |
1578 | CVE-2014-8133 | 264 | | Bypass | 2014-12-17 | 2016-12-23 | 2.1 | None | Local | Low | Not required | None | Partial | None |
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. |
1579 | CVE-2014-7954 | 22 | | Dir. Trav. | 2017-07-07 | 2018-10-09 | 2.1 | None | Local | Low | Not required | None | Partial | None |
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request. |
1580 | CVE-2014-7835 | 79 | | XSS | 2014-11-24 | 2015-09-03 | 2.1 | None | Remote | High | Single system | None | Partial | None |
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area. |
1581 | CVE-2014-7824 | 399 | | DoS | 2014-11-18 | 2017-09-07 | 2.1 | None | Local | Low | Not required | None | None | Partial |
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. |
1582 | CVE-2014-7231 | 200 | | +Info | 2014-10-08 | 2018-11-16 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. |
1583 | CVE-2014-7230 | 200 | | Exec Code +Info | 2014-10-08 | 2018-11-16 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. |
1584 | CVE-2014-6591 | | | | 2015-01-21 | 2016-12-21 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. |
1585 | CVE-2014-6585 | | | | 2015-01-21 | 2016-12-21 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. |
1586 | CVE-2014-6558 | | | | 2014-10-15 | 2017-01-02 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. |
1587 | CVE-2014-6551 | | | | 2014-10-15 | 2018-12-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. |
1588 | CVE-2014-6527 | | | | 2014-10-15 | 2015-03-16 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. |
1589 | CVE-2014-6502 | | | | 2014-10-15 | 2015-03-17 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. |
1590 | CVE-2014-6501 | | | | 2014-10-15 | 2015-11-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. |
1591 | CVE-2014-6488 | | | | 2014-10-15 | 2015-11-06 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management. |
1592 | CVE-2014-6381 | 20 | | DoS | 2014-12-12 | 2014-12-16 | 2.9 | None | Local Network | Medium | Not required | None | None | Partial |
Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a clustered setup, allow remote attackers to cause a denial of service (device disconnect) via unspecified vectors. |
1593 | CVE-2014-6211 | 200 | | +Info | 2015-05-19 | 2017-01-02 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. |
1594 | CVE-2014-6160 | 264 | | Bypass | 2014-12-28 | 2017-09-07 | 2.1 | None | Local | Low | Not required | None | Partial | None |
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. |
1595 | CVE-2014-6147 | 200 | | +Priv +Info | 2015-02-18 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors. |
1596 | CVE-2014-6143 | 200 | | +Info | 2014-12-11 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. |
1597 | CVE-2014-6133 | | | +Info | 2014-10-26 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. |
1598 | CVE-2014-6123 | 200 | | +Info | 2014-12-28 | 2017-09-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. |
1599 | CVE-2014-6111 | 255 | | | 2018-04-20 | 2018-05-22 | 2.1 | None | Local | Low | Not required | Partial | None | None |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. |
1600 | CVE-2014-6110 | 284 | | | 2014-11-17 | 2017-09-07 | 2.1 | None | Local | Low | Not required | None | Partial | None |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. |