CVE List - 2014 / December
Showing 301 - 400 of 614 CVEs for December 2014 (Page 4 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-8270 | 2014-12-12 | BMC Track-It! 11.3 allows remote attackers to gain privileges and... |
| CVE-2014-9365 | 2014-12-12 | The HTTP clients in the (1) httplib, (2) urllib, (3)... |
| CVE-2013-4399 | 2014-12-12 | The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when... |
| CVE-2014-6381 | 2014-12-12 | Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4,... |
| CVE-2014-6407 | 2014-12-12 | Docker before 1.3.2 allows remote attackers to write to arbitrary... |
| CVE-2014-6408 | 2014-12-12 | Docker 1.3.0 through 1.3.1 allows remote attackers to modify the... |
| CVE-2014-7136 | 2014-12-12 | Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka... |
| CVE-2014-7840 | 2014-12-12 | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM... |
| CVE-2014-8124 | 2014-12-12 | OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does... |
| CVE-2014-8489 | 2014-12-12 | Open redirect vulnerability in startSSO.ping in the SP Endpoints in... |
| CVE-2014-8515 | 2014-12-12 | The web interface in BitTorrent allows remote attackers to execute... |
| CVE-2014-8608 | 2014-12-12 | The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver)... |
| CVE-2014-8956 | 2014-12-12 | Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka... |
| CVE-2014-9374 | 2014-12-12 | Double free vulnerability in the WebSocket Server (res_http_websocket module) in... |
| CVE-2014-6209 | 2014-12-12 | IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through... |
| CVE-2014-6210 | 2014-12-12 | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through... |
| CVE-2014-2516 | 2014-12-12 | Open redirect vulnerability in EMC RSA Authentication Manager 8.x before... |
| CVE-2014-4628 | 2014-12-12 | Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and... |
| CVE-2014-4633 | 2014-12-12 | Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform... |
| CVE-2014-8134 | 2014-12-12 | The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through... |
| CVE-2014-3364 | 2014-12-13 | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in... |
| CVE-2014-8269 | 2014-12-13 | Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx... |
| CVE-2014-1569 | 2014-12-15 | The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services... |
| CVE-2014-3583 | 2014-12-15 | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in... |
| CVE-2014-6052 | 2014-12-15 | The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier... |
| CVE-2014-6053 | 2014-12-15 | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier... |
| CVE-2014-6253 | 2014-12-15 | Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through... |
| CVE-2014-6254 | 2014-12-15 | Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5... |
| CVE-2014-6255 | 2014-12-15 | Open redirect vulnerability in the login form in Zenoss Core... |
| CVE-2014-6256 | 2014-12-15 | Zenoss Core through 5 Beta 3 allows remote attackers to... |
| CVE-2014-6257 | 2014-12-15 | Zenoss Core through 5 Beta 3 allows remote attackers to... |
| CVE-2014-6258 | 2014-12-15 | An unspecified endpoint in Zenoss Core through 5 Beta 3... |
| CVE-2014-6259 | 2014-12-15 | Zenoss Core through 5 Beta 3 does not properly detect... |
| CVE-2014-6260 | 2014-12-15 | Zenoss Core through 5 Beta 3 does not require a... |
| CVE-2014-6261 | 2014-12-15 | Zenoss Core through 5 Beta 3 does not properly implement... |
| CVE-2014-7911 | 2014-12-15 | luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does... |
| CVE-2014-8507 | 2014-12-15 | Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java... |
| CVE-2014-8609 | 2014-12-15 | The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in... |
| CVE-2014-8610 | 2014-12-15 | AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS... |
| CVE-2014-8967 | 2014-12-15 | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to... |
| CVE-2014-9245 | 2014-12-15 | Zenoss Core through 5 Beta 3 allows remote attackers to... |
| CVE-2014-9247 | 2014-12-15 | Zenoss Core through 5 Beta 3 allows remote authenticated users... |
| CVE-2014-9248 | 2014-12-15 | Zenoss Core through 5 Beta 3 does not require complex... |
| CVE-2014-9249 | 2014-12-15 | The default configuration of Zenoss Core before 5 allows remote... |
| CVE-2014-9250 | 2014-12-15 | Zenoss Core through 5 Beta 3 does not include the... |
| CVE-2014-9251 | 2014-12-15 | Zenoss Core through 5 Beta 3 uses a weak algorithm... |
| CVE-2014-9252 | 2014-12-15 | Zenoss Core through 5 Beta 3 stores cleartext passwords in... |
| CVE-2014-9385 | 2014-12-15 | Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5... |
| CVE-2014-9386 | 2014-12-15 | Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for... |
| CVE-2013-6435 | 2014-12-16 | Race condition in RPM 4.11.1 and earlier allows remote attackers... |
| CVE-2014-4936 | 2014-12-16 | The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3... |
| CVE-2014-5359 | 2014-12-16 | Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web... |
| CVE-2014-5466 | 2014-12-16 | Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web... |
| CVE-2014-8118 | 2014-12-16 | Integer overflow in RPM 4.12 and earlier allows remote attackers... |
| CVE-2014-8340 | 2014-12-16 | SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier... |
| CVE-2014-8583 | 2014-12-16 | mod_wsgi before 4.2.4 for Apache, when creating a daemon process... |
| CVE-2014-8751 | 2014-12-16 | Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow... |
| CVE-2014-8964 | 2014-12-16 | Heap-based buffer overflow in PCRE 8.36 and earlier allows remote... |
| CVE-2014-9057 | 2014-12-16 | SQL injection vulnerability in the XML-RPC interface in Movable Type... |
| CVE-2014-9323 | 2014-12-16 | The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before... |
| CVE-2014-9357 | 2014-12-16 | Docker 1.3.2 allows remote attackers to execute arbitrary code with... |
| CVE-2014-9358 | 2014-12-16 | Docker before 1.3.3 does not properly validate image IDs, which... |
| CVE-2014-9371 | 2014-12-16 | The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows... |
| CVE-2014-9372 | 2014-12-16 | Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password... |
| CVE-2014-9373 | 2014-12-16 | Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow... |
| CVE-2014-5353 | 2014-12-16 | The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka... |
| CVE-2014-5354 | 2014-12-16 | plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x... |
| CVE-2014-6176 | 2014-12-16 | IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0,... |
| CVE-2014-8246 | 2014-12-16 | Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly... |
| CVE-2014-8247 | 2014-12-16 | Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO... |
| CVE-2014-8248 | 2014-12-16 | SQL injection vulnerability in CA Release Automation (formerly iTKO LISA... |
| CVE-2014-4844 | 2014-12-17 | The import/export functionality in IBM Business Process Manager (BPM) 7.5.x... |
| CVE-2014-6182 | 2014-12-17 | Directory traversal vulnerability in an export function in the Process... |
| CVE-2014-8006 | 2014-12-17 | The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition... |
| CVE-2014-4626 | 2014-12-17 | EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2... |
| CVE-2014-8133 | 2014-12-17 | arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the... |
| CVE-2014-9322 | 2014-12-17 | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly... |
| CVE-2014-7285 | 2014-12-17 | The management console on the Symantec Web Gateway (SWG) appliance... |
| CVE-2014-7880 | 2014-12-17 | Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS... |
| CVE-2014-5437 | 2014-12-17 | Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT... |
| CVE-2014-5438 | 2014-12-17 | Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway... |
| CVE-2014-9253 | 2014-12-17 | The default file type whitelist configuration in conf/mime.conf in the... |
| CVE-2013-7402 | 2014-12-17 | Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote... |
| CVE-2014-7170 | 2014-12-17 | Race condition in Puppet Server 0.2.0 allows local users to... |
| CVE-2014-8116 | 2014-12-17 | The ELF parser (readelf.c) in file before 5.21 allows remote... |
| CVE-2014-8117 | 2014-12-17 | softmagic.c in file before 5.21 does not properly limit recursion,... |
| CVE-2014-8553 | 2014-12-17 | The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows... |
| CVE-2014-9387 | 2014-12-17 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the... |
| CVE-2014-9388 | 2014-12-17 | bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign... |
| CVE-2014-3580 | 2014-12-18 | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x... |
| CVE-2014-8108 | 2014-12-18 | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x... |
| CVE-2014-8120 | 2014-12-18 | The agent in Thermostat before 1.0.6, when using unspecified configurations,... |
| CVE-2014-9406 | 2014-12-18 | ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier... |
| CVE-2014-6076 | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and... |
| CVE-2014-6077 | 2014-12-18 | Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager... |
| CVE-2014-6078 | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and... |
| CVE-2014-6080 | 2014-12-18 | SQL injection vulnerability in IBM Security Access Manager for Mobile... |
| CVE-2014-6082 | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and... |
| CVE-2014-6083 | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and... |
| CVE-2014-6084 | 2014-12-18 | IBM Security Access Manager for Mobile 8.x before 8.0.1 and... |