CVE List - 2014 / April
Showing 501 - 600 of 665 CVEs for April 2014 (Page 6 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-1315 | 2014-04-23 | Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string... |
| CVE-2014-1316 | 2014-04-23 | Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5... |
| CVE-2014-1318 | 2014-04-23 | The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. |
| CVE-2014-1319 | 2014-04-23 | Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG... |
| CVE-2014-1320 | 2014-04-23 | IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local... |
| CVE-2014-1321 | 2014-04-23 | Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the... |
| CVE-2014-1322 | 2014-04-23 | The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to... |
| CVE-2014-1648 | 2014-04-23 | Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab... |
| CVE-2014-2154 | 2014-04-23 | Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP... |
| CVE-2014-0472 | 2014-04-23 | The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by... |
| CVE-2014-0473 | 2014-04-23 | The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows... |
| CVE-2014-0474 | 2014-04-23 | The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly... |
| CVE-2014-2327 | 2014-04-23 | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify... |
| CVE-2014-2328 | 2014-04-23 | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. |
| CVE-2014-2554 | 2014-04-23 | OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. |
| CVE-2014-2709 | 2014-04-23 | lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. |
| CVE-2014-2855 | 2014-04-23 | The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does... |
| CVE-2014-2888 | 2014-04-23 | lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. |
| CVE-2014-2893 | 2014-04-23 | The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories... |
| CVE-2014-2894 | 2014-04-23 | Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command... |
| CVE-2014-2976 | 2014-04-23 | Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081. |
| CVE-2014-2983 | 2014-04-23 | Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input... |
| CVE-2014-0892 | 2014-04-23 | IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to... |
| CVE-2014-1646 | 2014-04-23 | Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service... |
| CVE-2014-1647 | 2014-04-23 | Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service... |
| CVE-2011-5279 | 2014-04-23 | CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment... |
| CVE-2012-3946 | 2014-04-24 | Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not... |
| CVE-2012-5723 | 2014-04-24 | Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2)... |
| CVE-2013-6738 | 2014-04-24 | Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter... |
| CVE-2014-2907 | 2014-04-24 | The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of... |
| CVE-2014-0188 | 2014-04-24 | The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and... |
| CVE-2014-2736 | 2014-04-24 | Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to... |
| CVE-2014-2915 | 2014-04-24 | Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash)... |
| CVE-2014-2601 | 2014-04-24 | The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic... |
| CVE-2014-2734 | 2014-04-24 | The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context... |
| CVE-2014-0760 | 2014-04-25 | Festo CECX-X-(C1/M1) Controller Improper Authentication |
| CVE-2014-0769 | 2014-04-25 | Festo CECX-X-(C1/M1) Controller Improper Authentication |
| CVE-2014-2908 | 2014-04-25 | Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2014-2909 | 2014-04-25 | CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. |
| CVE-2014-0780 | 2014-04-25 | InduSoft Web Studio Path Traversal |
| CVE-2012-4230 | 2014-04-25 | The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting... |
| CVE-2013-5954 | 2014-04-25 | Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers... |
| CVE-2013-5956 | 2014-04-25 | Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter. |
| CVE-2014-2729 | 2014-04-25 | Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not... |
| CVE-2013-2025 | 2014-04-25 | Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3069 | 2014-04-25 | Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to... |
| CVE-2013-4565 | 2014-04-25 | Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted... |
| CVE-2013-4722 | 2014-04-25 | Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or... |
| CVE-2013-4723 | 2014-04-25 | Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing... |
| CVE-2013-4726 | 2014-04-25 | Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via... |
| CVE-2013-5660 | 2014-04-25 | Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. |
| CVE-2014-2579 | 2014-04-25 | Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via... |
| CVE-2014-2996 | 2014-04-25 | XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action... |
| CVE-2014-0350 | 2014-04-26 | The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison... |
| CVE-2014-2992 | 2014-04-26 | The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2014-2993 | 2014-04-26 | The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2014-1730 | 2014-04-26 | Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to... |
| CVE-2014-1731 | 2014-04-26 | core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state... |
| CVE-2014-1732 | 2014-04-26 | Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly... |
| CVE-2014-1733 | 2014-04-26 | The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which... |
| CVE-2014-1734 | 2014-04-26 | Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other... |
| CVE-2014-1735 | 2014-04-26 | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a... |
| CVE-2014-2889 | 2014-04-27 | Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash)... |
| CVE-2014-0181 | 2014-04-27 | The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to... |
| CVE-2014-2994 | 2014-04-27 | Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long... |
| CVE-2014-1762 | 2014-04-27 | Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated... |
| CVE-2014-1763 | 2014-04-27 | Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during... |
| CVE-2014-1764 | 2014-04-27 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by... |
| CVE-2014-1765 | 2014-04-27 | Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a... |
| CVE-2014-1766 | 2014-04-27 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian... |
| CVE-2014-1776 | 2014-04-27 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup... |
| CVE-2010-5105 | 2014-04-27 | The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file.... |
| CVE-2011-3152 | 2014-04-27 | DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature... |
| CVE-2013-6887 | 2014-04-27 | OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. |
| CVE-2014-0162 | 2014-04-27 | The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image... |
| CVE-2014-3007 | 2014-04-27 | Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. |
| CVE-2011-3602 | 2014-04-27 | Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a ..... |
| CVE-2011-3603 | 2014-04-27 | The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact. |
| CVE-2013-0296 | 2014-04-27 | Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might... |
| CVE-2013-6053 | 2014-04-27 | OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. |
| CVE-2014-2285 | 2014-04-27 | The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community... |
| CVE-2014-2383 | 2014-04-28 | dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter,... |
| CVE-2013-4285 | 2014-04-28 | A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory. |
| CVE-2014-0037 | 2014-04-28 | The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the... |
| CVE-2014-0079 | 2014-04-28 | The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to... |
| CVE-2014-0187 | 2014-04-28 | The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group... |
| CVE-2014-1217 | 2014-04-28 | Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors. |
| CVE-2014-2042 | 2014-04-28 | Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension,... |
| CVE-2014-2657 | 2014-04-28 | Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs. |
| CVE-2014-2658 | 2014-04-28 | Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors. |
| CVE-2014-2715 | 2014-04-28 | Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or... |
| CVE-2014-2846 | 2014-04-28 | Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a... |
| CVE-2014-2980 | 2014-04-28 | Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause... |
| CVE-2014-2986 | 2014-04-28 | The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of... |
| CVE-2014-3008 | 2014-04-28 | Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. |
| CVE-2014-0112 | 2014-04-29 | ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted... |
| CVE-2014-0113 | 2014-04-29 | CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader... |
| CVE-2014-0515 | 2014-04-29 | Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary... |
| CVE-2014-1841 | 2014-04-29 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with... |
| CVE-2014-1842 | 2014-04-29 | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot... |