CVE List - 2014 / October
Showing 301 - 400 of 1413 CVEs for October 2014 (Page 4 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-8747 | 2014-10-13 | Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content creation... |
| CVE-2014-8748 | 2014-10-13 | Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web... |
| CVE-2014-3818 | 2014-10-14 | Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8,... |
| CVE-2014-3825 | 2014-10-14 | The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is... |
| CVE-2014-6313 | 2014-10-14 | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page... |
| CVE-2014-6377 | 2014-10-14 | Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via... |
| CVE-2014-6378 | 2014-10-14 | Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before... |
| CVE-2014-6379 | 2014-10-14 | Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1... |
| CVE-2014-6380 | 2014-10-14 | Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1... |
| CVE-2014-8069 | 2014-10-14 | Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2)... |
| CVE-2014-8070 | 2014-10-14 | Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to... |
| CVE-2014-8766 | 2014-10-14 | Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified... |
| CVE-2014-8765 | 2014-10-14 | Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML... |
| CVE-2014-3566 | 2014-10-15 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a... |
| CVE-2014-0558 | 2014-10-15 | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302,... |
| CVE-2014-0564 | 2014-10-15 | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302,... |
| CVE-2014-0569 | 2014-10-15 | Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR... |
| CVE-2014-0570 | 2014-10-15 | Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows... |
| CVE-2014-0571 | 2014-10-15 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote... |
| CVE-2014-0572 | 2014-10-15 | Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based... |
| CVE-2014-1574 | 2014-10-15 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of... |
| CVE-2014-1575 | 2014-10-15 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary... |
| CVE-2014-1576 | 2014-10-15 | Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via... |
| CVE-2014-1577 | 2014-10-15 | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information... |
| CVE-2014-1578 | 2014-10-15 | The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and... |
| CVE-2014-1580 | 2014-10-15 | Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers... |
| CVE-2014-1581 | 2014-10-15 | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is... |
| CVE-2014-1582 | 2014-10-15 | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address,... |
| CVE-2014-1583 | 2014-10-15 | The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy... |
| CVE-2014-1584 | 2014-10-15 | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended... |
| CVE-2014-1585 | 2014-10-15 | The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos... |
| CVE-2014-1586 | 2014-10-15 | content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to... |
| CVE-2014-4073 | 2014-10-15 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors... |
| CVE-2014-4075 | 2014-10-15 | Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web... |
| CVE-2014-4115 | 2014-10-15 | fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate... |
| CVE-2014-4117 | 2014-10-15 | Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint... |
| CVE-2014-4121 | 2014-10-15 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a... |
| CVE-2014-4122 | 2014-10-15 | Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of... |
| CVE-2014-4124 | 2014-10-15 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123. |
| CVE-2014-4126 | 2014-10-15 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-4127 | 2014-10-15 | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-4128 | 2014-10-15 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-4129 | 2014-10-15 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." |
| CVE-2014-4130 | 2014-10-15 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2014-4132 | 2014-10-15 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2014-4133 | 2014-10-15 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-4134 | 2014-10-15 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-4137 | 2014-10-15 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-4138 | 2014-10-15 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2014-4140 | 2014-10-15 | Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." |
| CVE-2014-4141 | 2014-10-15 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-6942 | 2014-10-15 | The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6943 | 2014-10-15 | The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6944 | 2014-10-15 | The mitfahrgelegenheit.at (aka com.carpooling.android.at) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6945 | 2014-10-15 | The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-6946 | 2014-10-15 | The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6947 | 2014-10-15 | The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6948 | 2014-10-15 | The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-6949 | 2014-10-15 | The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6950 | 2014-10-15 | The Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) application 1.0069.b0069 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6951 | 2014-10-15 | The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6952 | 2014-10-15 | The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-4113 | 2014-10-15 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server... |
| CVE-2014-4114 | 2014-10-15 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2014-4123 | 2014-10-15 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in... |
| CVE-2014-4148 | 2014-10-15 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server... |
| CVE-2014-1829 | 2014-10-15 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. |
| CVE-2014-1830 | 2014-10-15 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. |
| CVE-2014-2022 | 2014-10-15 | SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API... |
| CVE-2014-2576 | 2014-10-15 | plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle... |
| CVE-2014-2927 | 2014-10-15 | The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise... |
| CVE-2014-3593 | 2014-10-15 | Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. |
| CVE-2014-3664 | 2014-10-15 | Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. |
| CVE-2014-3681 | 2014-10-15 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-6312 | 2014-10-15 | Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct... |
| CVE-2014-7206 | 2014-10-15 | The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. |
| CVE-2014-8750 | 2014-10-15 | Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers... |
| CVE-2014-8293 | 2014-10-15 | Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php. |
| CVE-2014-8294 | 2014-10-15 | Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or... |
| CVE-2014-8295 | 2014-10-15 | SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. |
| CVE-2014-2472 | 2014-10-15 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a... |
| CVE-2014-2473 | 2014-10-15 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv) and... |
| CVE-2014-2474 | 2014-10-15 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a... |
| CVE-2014-2475 | 2014-10-15 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server... |
| CVE-2014-2476 | 2014-10-15 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a... |
| CVE-2014-2478 | 2014-10-15 | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. |
| CVE-2014-4274 | 2014-10-15 | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM. |
| CVE-2014-4275 | 2014-10-15 | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module. |
| CVE-2014-4276 | 2014-10-15 | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). |
| CVE-2014-4277 | 2014-10-15 | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283. |
| CVE-2014-4278 | 2014-10-15 | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown... |
| CVE-2014-4280 | 2014-10-15 | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284. |
| CVE-2014-4281 | 2014-10-15 | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Portal Integration. |
| CVE-2014-4282 | 2014-10-15 | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. |
| CVE-2014-4283 | 2014-10-15 | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277. |
| CVE-2014-4284 | 2014-10-15 | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280. |
| CVE-2014-4285 | 2014-10-15 | Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration. |
| CVE-2014-4287 | 2014-10-15 | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. |
| CVE-2014-4288 | 2014-10-15 | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493,... |
| CVE-2014-4289 | 2014-10-15 | Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability... |