# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
43501 | CVE-2014-0636 | 310 | | | 2014-04-11 | 2016-09-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. |
43502 | CVE-2014-0634 | 20 | | +Info | 2014-04-01 | 2014-04-01 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. |
43503 | CVE-2014-0630 | 264 | | | 2014-03-06 | 2014-03-07 | 4.0 | None | Remote | Low | Single system | Partial | None | None
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. |
43504 | CVE-2014-0628 | 20 | | DoS | 2014-03-25 | 2014-03-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
43505 | CVE-2014-0627 | 310 | | | 2014-02-17 | 2014-02-18 | 5.0 | None | Remote | Low | Not required | None | Partial | None
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. |
43506 | CVE-2014-0626 | 310 | | Bypass | 2014-02-17 | 2014-02-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. |
43507 | CVE-2014-0625 | 399 | | DoS | 2014-02-17 | 2014-02-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. |
43508 | CVE-2014-0624 | | | +Priv Bypass | 2014-03-06 | 2014-03-07 | 2.7 | None | Local Network | Low | Single system | Partial | None | None
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors. |
43509 | CVE-2014-0623 | 79 | | XSS | 2014-03-27 | 2014-03-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue. |
43510 | CVE-2014-0621 | 352 | 1 | CSRF | 2014-01-08 | 2014-02-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. |
43511 | CVE-2014-0620 | 79 | 1 | XSS | 2014-01-08 | 2015-07-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. |
43512 | CVE-2014-0619 | | | Exec Code | 2014-10-23 | 2017-08-28 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory. |
43513 | CVE-2014-0612 | | | DoS | 2014-04-14 | 2014-04-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors. |
43514 | CVE-2014-0611 | 79 | | XSS | 2015-07-22 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
43515 | CVE-2014-0599 | 79 | | XSS | 2014-06-18 | 2014-06-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
43516 | CVE-2014-0595 | 119 | | Overflow | 2014-05-08 | 2017-12-21 | 2.6 | None | Local | High | Not required | Partial | Partial | None
/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the granting of the F permission by an administrator. |
43517 | CVE-2014-0594 | 352 | | CSRF | 2018-06-08 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent. |
43518 | CVE-2014-0591 | 119 | | DoS Overflow | 2014-01-13 | 2018-10-30 | 2.6 | None | Remote | High | Not required | None | None | Partial
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. |
43519 | CVE-2014-0578 | 284 | | Bypass | 2015-07-09 | 2017-09-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. |
43520 | CVE-2014-0572 | 264 | | Bypass | 2014-10-15 | 2014-11-18 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors. |
43521 | CVE-2014-0571 | 79 | | XSS | 2014-10-15 | 2014-11-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
43522 | CVE-2014-0570 | 352 | | CSRF | 2014-10-15 | 2014-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
43523 | CVE-2014-0562 | 79 | | XSS | 2014-09-17 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." |
43524 | CVE-2014-0533 | 79 | | XSS | 2014-06-11 | 2017-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532. |
43525 | CVE-2014-0532 | 79 | | XSS | 2014-06-11 | 2017-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0533. |
43526 | CVE-2014-0531 | 79 | | XSS | 2014-06-11 | 2017-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533. |
43527 | CVE-2014-0521 | 200 | | +Info | 2014-05-14 | 2014-05-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document. |
43528 | CVE-2014-0509 | 79 | | XSS | 2014-04-08 | 2017-12-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
43529 | CVE-2014-0508 | 264 | | Bypass +Info | 2014-04-08 | 2017-12-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. |
43530 | CVE-2014-0504 | 200 | | +Info | 2014-03-12 | 2018-12-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors. |
43531 | CVE-2014-0503 | 264 | | Bypass | 2014-03-12 | 2018-12-13 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |
43532 | CVE-2014-0488 | 20 | | | 2014-11-03 | 2014-11-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. |
43533 | CVE-2014-0486 | 20 | | DoS | 2018-03-27 | 2018-04-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. |
43534 | CVE-2014-0483 | 264 | | +Info | 2014-08-26 | 2018-10-30 | 3.5 | None | Remote | Medium | Single system | Partial | None | None
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. |
43535 | CVE-2014-0482 | 287 | | | 2014-08-26 | 2018-10-30 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. |
43536 | CVE-2014-0481 | 399 | | DoS | 2014-08-26 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name. |
43537 | CVE-2014-0480 | 20 | | | 2014-08-26 | 2018-10-30 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated. |
43538 | CVE-2014-0479 | 94 | | Exec Code | 2014-08-06 | 2017-08-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. |
43539 | CVE-2014-0478 | 20 | | | 2014-06-17 | 2017-12-21 | 4.0 | None | Remote | High | Not required | None | Partial | Partial
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. |
43540 | CVE-2014-0477 | | | DoS | 2014-07-03 | 2015-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address. |
43541 | CVE-2014-0476 | 20 | | Exec Code | 2014-10-25 | 2017-09-18 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option. |
43542 | CVE-2014-0475 | 22 | | Dir. Trav. Bypass | 2014-07-29 | 2016-11-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. |
43543 | CVE-2014-0473 | 264 | | Bypass CSRF | 2014-04-23 | 2017-01-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. |
43544 | CVE-2014-0472 | 94 | | | 2014-04-23 | 2017-01-06 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." |
43545 | CVE-2014-0471 | 22 | | Dir. Trav. | 2014-04-30 | 2015-06-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." |
43546 | CVE-2014-0469 | 119 | | Exec Code Overflow | 2014-05-05 | 2014-05-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines. |
43547 | CVE-2014-0467 | 119 | | DoS Overflow | 2014-03-14 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. |
43548 | CVE-2014-0466 | | | Exec Code | 2014-04-03 | 2017-12-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file. |
43549 | CVE-2014-0465 | | | | 2014-04-15 | 2014-04-16 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. |
43550 | CVE-2014-0464 | | | | 2014-04-15 | 2017-01-06 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463. |