# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
42651 | CVE-2014-2422 | | | | 2014-04-15 | 2018-01-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
42652 | CVE-2014-2420 | | | | 2014-04-15 | 2018-01-04 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment. |
42653 | CVE-2014-2419 | | | | 2014-04-15 | 2017-12-20 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. |
42654 | CVE-2014-2418 | | | | 2014-04-15 | 2016-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2417. |
42655 | CVE-2014-2417 | | | | 2014-04-15 | 2016-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418. |
42656 | CVE-2014-2416 | | | | 2014-04-15 | 2016-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2417, and CVE-2014-2418. |
42657 | CVE-2014-2415 | | | | 2014-04-15 | 2016-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. |
42658 | CVE-2014-2413 | | | | 2014-04-15 | 2018-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. |
42659 | CVE-2014-2411 | | | | 2014-04-15 | 2014-04-16 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security. |
42660 | CVE-2014-2409 | | | | 2014-04-15 | 2018-01-04 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. |
42661 | CVE-2014-2408 | | | | 2014-04-15 | 2014-04-16 | 6.6 | None | Remote | High | Single system | Complete | Complete | None |
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege." |
42662 | CVE-2014-2407 | | | | 2014-04-15 | 2016-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2415, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. |
42663 | CVE-2014-2404 | | | | 2014-04-15 | 2014-06-21 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate. |
42664 | CVE-2014-2403 | | | | 2014-04-15 | 2018-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. |
42665 | CVE-2014-2401 | | | | 2014-04-15 | 2018-01-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
42666 | CVE-2014-2400 | | | | 2014-04-15 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399. |
42667 | CVE-2014-2399 | | 1 | | 2014-04-15 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400. |
42668 | CVE-2014-2398 | | | | 2014-04-15 | 2018-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. |
42669 | CVE-2014-2393 | 79 | | XSS | 2014-04-24 | 2014-04-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment. |
42670 | CVE-2014-2392 | 200 | | +Info | 2014-04-24 | 2014-04-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. |
42671 | CVE-2014-2391 | 200 | | +Info | 2014-04-24 | 2014-04-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request. |
42672 | CVE-2014-2390 | 352 | | CSRF | 2014-08-29 | 2018-12-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39, 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before 7.5.5.9, and 8.x before 8.1.7.3 allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors. |
42673 | CVE-2014-2388 | 264 | | | 2014-08-18 | 2018-10-09 | 6.1 | None | Local Network | Low | Not required | Complete | None | None |
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. |
42674 | CVE-2014-2386 | 189 | | DoS Overflow | 2014-03-25 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow. |
42675 | CVE-2014-2385 | 79 | | XSS | 2014-07-22 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure. |
42676 | CVE-2014-2384 | 399 | | DoS | 2014-04-15 | 2014-04-16 | 4.9 | None | Local | Low | Not required | None | None | Complete |
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as non-exploitable." |
42677 | CVE-2014-2383 | 200 | | Bypass +Info | 2014-04-28 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. |
42678 | CVE-2014-2381 | | | +Info | 2014-08-27 | 2014-08-28 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. |
42679 | CVE-2014-2379 | 310 | | | 2014-09-05 | 2014-09-08 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. |
42680 | CVE-2014-2377 | 200 | | +Info | 2014-09-15 | 2014-09-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. |
42681 | CVE-2014-2370 | 79 | | XSS | 2014-07-24 | 2015-10-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data. |
42682 | CVE-2014-2369 | 352 | | CSRF | 2014-07-24 | 2014-07-24 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
42683 | CVE-2014-2368 | 200 | | +Info | 2014-07-19 | 2014-07-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. |
42684 | CVE-2014-2367 | 200 | | +Info | 2014-07-19 | 2014-07-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. |
42685 | CVE-2014-2366 | 200 | | +Info | 2014-07-19 | 2014-07-23 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. |
42686 | CVE-2014-2365 | | | | 2014-07-19 | 2014-07-23 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial |
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. |
42687 | CVE-2014-2359 | 200 | | +Info | 2018-04-06 | 2018-05-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data. |
42688 | CVE-2014-2358 | 352 | | CSRF | 2014-10-18 | 2014-12-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. |
42689 | CVE-2014-2356 | 200 | | +Info | 2014-07-30 | 2014-08-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. |
42690 | CVE-2014-2355 | 119 | | Overflow +Priv | 2015-01-16 | 2015-01-21 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. |
42691 | CVE-2014-2354 | 255 | | | 2014-05-30 | 2014-06-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. |
42692 | CVE-2014-2353 | 79 | | XSS | 2014-05-30 | 2014-06-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
42693 | CVE-2014-2352 | 22 | | DoS Dir. Trav. | 2014-05-30 | 2014-06-05 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname. |
42694 | CVE-2014-2349 | 264 | | | 2014-05-22 | 2014-05-23 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial |
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. |
42695 | CVE-2014-2347 | 264 | | +Info | 2014-05-06 | 2014-05-06 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. |
42696 | CVE-2014-2346 | 20 | | DoS | 2014-06-05 | 2014-06-05 | 4.0 | None | Local | High | Not required | None | None | Complete |
COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line. |
42697 | CVE-2014-2343 | 20 | | DoS | 2014-05-30 | 2014-06-04 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. |
42698 | CVE-2014-2342 | 20 | | DoS | 2014-05-30 | 2014-06-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. |
42699 | CVE-2014-2341 | 287 | 1 | | 2014-04-22 | 2017-08-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. |
42700 | CVE-2014-2340 | 352 | 1 | CSRF | 2014-04-03 | 2018-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php. |