Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-2819 | 1 Microsoft | 1 Internet Explorer | 2024-08-06 | N/A |
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
CVE-2014-2816 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-08-06 | N/A |
Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability." | ||||
CVE-2014-2783 | 1 Microsoft | 1 Internet Explorer | 2024-08-06 | N/A |
Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability." | ||||
CVE-2014-2781 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-08-06 | N/A |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allows attackers to bypass intended access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard (OSK) and then upload a crafted application, aka "On-Screen Keyboard Elevation of Privilege Vulnerability." | ||||
CVE-2014-2780 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2024-08-06 | N/A |
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability." | ||||
CVE-2014-2748 | 1 Sap | 2 Enhancement Package, Erp | 2024-08-06 | N/A |
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
CVE-2014-2743 | 1 Lightwitch | 1 Metronome | 2024-08-06 | N/A |
plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | ||||
CVE-2014-2741 | 1 Igniterealtime | 1 Openfire | 2024-08-06 | N/A |
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | ||||
CVE-2014-2745 | 1 Prosody | 1 Prosody | 2024-08-06 | N/A |
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua. | ||||
CVE-2014-2690 | 1 Citrix | 1 Vdi-in-a-box | 2024-08-06 | N/A |
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. | ||||
CVE-2014-2742 | 1 Isode | 1 M-link | 2024-08-06 | N/A |
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | ||||
CVE-2014-2746 | 1 Tigase | 1 Tigase | 2024-08-06 | N/A |
net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | ||||
CVE-2014-2684 | 1 Zend | 2 Zend Framework, Zendopenid | 2024-08-06 | N/A |
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. | ||||
CVE-2014-2573 | 1 Openstack | 1 Compute | 2024-08-06 | N/A |
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image. | ||||
CVE-2014-2646 | 1 Hp | 1 Network Automation | 2024-08-06 | N/A |
Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. | ||||
CVE-2014-2572 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors. | ||||
CVE-2014-2629 | 1 Hp | 1 Nonstop Safeguard Security | 2024-08-06 | N/A |
HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time. | ||||
CVE-2014-2593 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-08-06 | N/A |
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. | ||||
CVE-2014-2552 | 1 Brookinsconsulting | 1 Collected Information Export | 2024-08-06 | N/A |
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | ||||
CVE-2014-2533 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2024-08-06 | N/A |
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. |