CVE List - 2014 / April
Showing 101 - 200 of 665 CVEs for April 2014 (Page 2 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-2542 | 2014-04-08 | Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance... |
| CVE-2014-2543 | 2014-04-08 | Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1,... |
| CVE-2014-0315 | 2014-04-08 | Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,... |
| CVE-2014-0507 | 2014-04-08 | Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android,... |
| CVE-2014-0508 | 2014-04-08 | Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK... |
| CVE-2014-0509 | 2014-04-08 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83... |
| CVE-2014-1751 | 2014-04-08 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2014-1752 | 2014-04-08 | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-1753 | 2014-04-08 | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2014-1755 | 2014-04-08 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2014-1757 | 2014-04-08 | Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format,... |
| CVE-2014-1758 | 2014-04-08 | Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability." |
| CVE-2014-1759 | 2014-04-08 | pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a... |
| CVE-2014-1760 | 2014-04-08 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." |
| CVE-2014-1716 | 2014-04-09 | Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2014-1717 | 2014-04-09 | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service... |
| CVE-2014-1718 | 2014-04-09 | Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified... |
| CVE-2014-1719 | 2014-04-09 | Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption)... |
| CVE-2014-1720 | 2014-04-09 | Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified... |
| CVE-2014-1721 | 2014-04-09 | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have... |
| CVE-2014-1722 | 2014-04-09 | Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified... |
| CVE-2014-1723 | 2014-04-09 | The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via... |
| CVE-2014-1724 | 2014-04-09 | Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified... |
| CVE-2014-1725 | 2014-04-09 | The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to... |
| CVE-2014-1726 | 2014-04-09 | The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. |
| CVE-2014-1727 | 2014-04-09 | Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms. |
| CVE-2014-1728 | 2014-04-09 | Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| CVE-2014-1729 | 2014-04-09 | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown... |
| CVE-2014-0165 | 2014-04-09 | WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php. |
| CVE-2014-0166 | 2014-04-09 | The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to... |
| CVE-2014-2544 | 2014-04-09 | Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1,... |
| CVE-2014-2126 | 2014-04-10 | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by... |
| CVE-2014-2127 | 2014-04-10 | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session... |
| CVE-2014-2128 | 2014-04-10 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2)... |
| CVE-2014-2129 | 2014-04-10 | The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a... |
| CVE-2014-2141 | 2014-04-10 | The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of... |
| CVE-2012-4921 | 2014-04-10 | Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1)... |
| CVE-2013-2033 | 2014-04-10 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary... |
| CVE-2013-2693 | 2014-04-10 | Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin... |
| CVE-2013-2699 | 2014-04-10 | Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified... |
| CVE-2013-3251 | 2014-04-10 | Cross-site request forgery (CSRF) vulnerability in the qTranslate plugin 2.5.34 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via... |
| CVE-2013-3252 | 2014-04-10 | Cross-site request forgery (CSRF) vulnerability in the options admin page in the WP-PostViews plugin before 1.63 for WordPress allows remote attackers to hijack the authentication of administrators for requests that... |
| CVE-2013-6468 | 2014-04-10 | JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression... |
| CVE-2014-0331 | 2014-04-10 | Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to... |
| CVE-2014-1455 | 2014-04-10 | SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new... |
| CVE-2014-2583 | 2014-04-10 | Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot... |
| CVE-2014-2708 | 2014-04-10 | Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width,... |
| CVE-2013-7365 | 2014-04-10 | Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| CVE-2014-2748 | 2014-04-10 | The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some... |
| CVE-2014-2749 | 2014-04-10 | The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request. |
| CVE-2014-2751 | 2014-04-10 | SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-2752 | 2014-04-10 | SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2013-7355 | 2014-04-10 | SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. |
| CVE-2013-7356 | 2014-04-10 | Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. |
| CVE-2013-7357 | 2014-04-10 | Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. |
| CVE-2013-7358 | 2014-04-10 | Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. |
| CVE-2013-7359 | 2014-04-10 | Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. |
| CVE-2013-7360 | 2014-04-10 | Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. |
| CVE-2013-7361 | 2014-04-10 | Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. |
| CVE-2013-7362 | 2014-04-10 | An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. |
| CVE-2013-7363 | 2014-04-10 | Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors... |
| CVE-2013-7364 | 2014-04-10 | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown... |
| CVE-2013-7366 | 2014-04-10 | The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. |
| CVE-2013-7367 | 2014-04-10 | SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. |
| CVE-2012-6132 | 2014-04-10 | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. |
| CVE-2013-0740 | 2014-04-10 | Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the... |
| CVE-2014-0908 | 2014-04-10 | The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to... |
| CVE-2014-0920 | 2014-04-10 | IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2014-2741 | 2014-04-11 | nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via... |
| CVE-2014-2742 | 2014-04-11 | Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP... |
| CVE-2014-2743 | 2014-04-11 | plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a... |
| CVE-2014-2744 | 2014-04-11 | plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service... |
| CVE-2014-2745 | 2014-04-11 | Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream,... |
| CVE-2014-2746 | 2014-04-11 | net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted... |
| CVE-2014-2829 | 2014-04-11 | Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via... |
| CVE-2013-2706 | 2014-04-11 | Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via... |
| CVE-2013-2708 | 2014-04-11 | Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified... |
| CVE-2013-4795 | 2014-04-11 | Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a... |
| CVE-2013-6369 | 2014-04-11 | Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via... |
| CVE-2014-1985 | 2014-04-11 | Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing... |
| CVE-2014-2333 | 2014-04-11 | Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of... |
| CVE-2014-2540 | 2014-04-11 | SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. |
| CVE-2012-6130 | 2014-04-11 | Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. |
| CVE-2012-6131 | 2014-04-11 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. |
| CVE-2014-0172 | 2014-04-11 | Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service... |
| CVE-2014-2847 | 2014-04-11 | SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. |
| CVE-2014-2848 | 2014-04-11 | A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with... |
| CVE-2014-2849 | 2014-04-11 | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. |
| CVE-2014-2850 | 2014-04-11 | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. |
| CVE-2014-0777 | 2014-04-11 | OServer Out of Bounds Read |
| CVE-2014-1969 | 2014-04-11 | Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. |
| CVE-2014-0636 | 2014-04-11 | EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via... |
| CVE-2014-1209 | 2014-04-11 | VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading... |
| CVE-2014-1210 | 2014-04-11 | VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. |
| CVE-2013-2809 | 2014-04-12 | The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. |
| CVE-2013-2828 | 2014-04-12 | The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a... |
| CVE-2013-6216 | 2014-04-12 | Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors. |
| CVE-2014-0347 | 2014-04-12 | The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before... |
| CVE-2014-0349 | 2014-04-12 | Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file. |
| CVE-2014-0763 | 2014-04-12 | Advantech WebAccess SQL Injection |