CVE List - 2014 / May
Showing 1 - 100 of 550 CVEs for May 2014 (Page 1 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2013-7374 | 2014-05-01 | The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking... |
| CVE-2014-2881 | 2014-05-01 | Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17... |
| CVE-2014-2882 | 2014-05-01 | Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate... |
| CVE-2013-6323 | 2014-05-01 | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before... |
| CVE-2014-0646 | 2014-05-01 | The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled,... |
| CVE-2014-0823 | 2014-05-01 | IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL. |
| CVE-2014-0857 | 2014-05-01 | The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request. |
| CVE-2014-0859 | 2014-05-01 | The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a... |
| CVE-2014-0896 | 2014-05-01 | IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request. |
| CVE-2014-0941 | 2014-05-01 | Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted... |
| CVE-2014-0942 | 2014-05-01 | Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted... |
| CVE-2014-3138 | 2014-05-02 | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to... |
| CVE-2013-2073 | 2014-05-02 | Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. |
| CVE-2013-7110 | 2014-05-02 | Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability... |
| CVE-2014-1441 | 2014-05-02 | Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated... |
| CVE-2014-1442 | 2014-05-02 | Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. |
| CVE-2014-1443 | 2014-05-02 | Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related... |
| CVE-2014-1988 | 2014-05-02 | The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. |
| CVE-2014-1989 | 2014-05-02 | Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. |
| CVE-2014-2156 | 2014-05-02 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. |
| CVE-2014-2157 | 2014-05-02 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. |
| CVE-2014-2158 | 2014-05-02 | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. |
| CVE-2014-2159 | 2014-05-02 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. |
| CVE-2014-2160 | 2014-05-02 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. |
| CVE-2014-2161 | 2014-05-02 | The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. |
| CVE-2014-2162 | 2014-05-02 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted... |
| CVE-2014-2163 | 2014-05-02 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets,... |
| CVE-2014-2164 | 2014-05-02 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted... |
| CVE-2014-2165 | 2014-05-02 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted... |
| CVE-2014-2166 | 2014-05-02 | The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug... |
| CVE-2014-2167 | 2014-05-02 | The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted... |
| CVE-2014-2168 | 2014-05-02 | Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug... |
| CVE-2014-2169 | 2014-05-02 | Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to... |
| CVE-2014-2170 | 2014-05-02 | Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the... |
| CVE-2014-2171 | 2014-05-02 | Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted... |
| CVE-2014-2172 | 2014-05-02 | Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler... |
| CVE-2014-2173 | 2014-05-02 | Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via... |
| CVE-2014-2175 | 2014-05-02 | Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug... |
| CVE-2014-3139 | 2014-05-02 | recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. |
| CVE-2013-7060 | 2014-05-02 | Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. |
| CVE-2013-7061 | 2014-05-02 | Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. |
| CVE-2014-0189 | 2014-05-02 | virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. |
| CVE-2014-1899 | 2014-05-02 | Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or... |
| CVE-2014-2322 | 2014-05-02 | lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable. |
| CVE-2014-2905 | 2014-05-02 | fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. |
| CVE-2014-3000 | 2014-05-02 | The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to... |
| CVE-2014-3001 | 2014-05-02 | The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed... |
| CVE-2014-3006 | 2014-05-02 | Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and... |
| CVE-2014-3125 | 2014-05-02 | Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial... |
| CVE-2014-0469 | 2014-05-05 | Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject... |
| CVE-2014-2916 | 2014-05-05 | Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. |
| CVE-2010-5109 | 2014-05-05 | Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers... |
| CVE-2013-0350 | 2014-05-05 | tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. |
| CVE-2013-1803 | 2014-05-05 | Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions... |
| CVE-2013-3736 | 2014-05-05 | Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2013-4215 | 2014-05-05 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. |
| CVE-2013-6418 | 2014-05-05 | PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. |
| CVE-2013-6444 | 2014-05-05 | PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows... |
| CVE-2013-7003 | 2014-05-05 | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3)... |
| CVE-2013-7034 | 2014-05-05 | The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. |
| CVE-2013-7375 | 2014-05-05 | SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than... |
| CVE-2014-0149 | 2014-05-05 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id... |
| CVE-2014-0164 | 2014-05-05 | openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive... |
| CVE-2014-3220 | 2014-05-05 | F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page... |
| CVE-2014-0185 | 2014-05-06 | sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via... |
| CVE-2014-0198 | 2014-05-06 | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to... |
| CVE-2014-1736 | 2014-05-06 | Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a... |
| CVE-2014-2347 | 2014-05-06 | AMTELCO miSecure Information Exposure |
| CVE-2014-0193 | 2014-05-06 | WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption)... |
| CVE-2014-2558 | 2014-05-06 | The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting... |
| CVE-2014-3202 | 2014-05-06 | Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. |
| CVE-2014-3203 | 2014-05-06 | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the... |
| CVE-2014-3204 | 2014-05-06 | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated... |
| CVE-2013-7353 | 2014-05-06 | Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which... |
| CVE-2013-7354 | 2014-05-06 | Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which... |
| CVE-2013-6726 | 2014-05-07 | Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified... |
| CVE-2013-7336 | 2014-05-07 | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service... |
| CVE-2014-0684 | 2014-05-07 | Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. |
| CVE-2014-0685 | 2014-05-07 | Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. |
| CVE-2014-0911 | 2014-05-07 | inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. |
| CVE-2014-2181 | 2014-05-07 | Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka... |
| CVE-2014-2190 | 2014-05-07 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users... |
| CVE-2014-2191 | 2014-05-07 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2014-2891 | 2014-05-07 | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. |
| CVE-2014-2913 | 2014-05-07 | Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to... |
| CVE-2014-3124 | 2014-05-07 | The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate... |
| CVE-2014-0130 | 2014-05-07 | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows... |
| CVE-2014-0196 | 2014-05-07 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause... |
| CVE-2013-5016 | 2014-05-08 | Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. |
| CVE-2014-0116 | 2014-05-08 | CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the... |
| CVE-2014-0362 | 2014-05-08 | Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or... |
| CVE-2014-0595 | 2014-05-08 | /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S... |
| CVE-2014-0930 | 2014-05-08 | The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from... |
| CVE-2014-0963 | 2014-05-08 | The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to... |
| CVE-2014-2132 | 2014-05-08 | Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a... |
| CVE-2014-2133 | 2014-05-08 | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause... |
| CVE-2014-2134 | 2014-05-08 | Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or... |
| CVE-2014-2135 | 2014-05-08 | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause... |
| CVE-2014-2136 | 2014-05-08 | Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause... |
| CVE-2014-2602 | 2014-05-08 | Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. |