Total: 5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-0854 | 1 Ibm | 1 Cognos Business Intelligence | 2024-08-06 | N/A |
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-0833 | 1 Ibm | 1 Financial Transaction Manager | 2024-08-06 | N/A |
The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | ||||
CVE-2014-0817 | 1 Cybozu | 1 Garoon | 2024-08-06 | N/A |
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. | ||||
CVE-2014-0875 | 1 Ibm | 2 Storwize Unified V7000, Storwize Unified V7000 Software | 2024-08-06 | N/A |
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. | ||||
CVE-2014-0908 | 1 Ibm | 1 Business Process Manager | 2024-08-06 | N/A |
The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls. | ||||
CVE-2014-0839 | 1 Ibm | 1 Rational Focal Point | 2024-08-06 | N/A |
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference. | ||||
CVE-2014-0906 | 1 Ibm | 1 Sametime | 2024-08-06 | N/A |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie. | ||||
CVE-2014-0858 | 1 Ibm | 1 Content Navigator | 2024-08-06 | N/A |
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | ||||
CVE-2014-0816 | 1 Norman | 1 Security Suite | 2024-08-06 | N/A |
Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. | ||||
CVE-2014-0686 | 1 Cisco | 1 Unified Communications Manager | 2024-08-06 | N/A |
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. | ||||
CVE-2014-0731 | 1 Cisco | 1 Unified Communications Manager | 2024-08-06 | N/A |
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | ||||
CVE-2014-0682 | 1 Cisco | 1 Webex Meetings Server | 2024-08-06 | N/A |
Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346. | ||||
CVE-2014-0752 | 1 Ecava | 1 Integraxor | 2024-08-06 | N/A |
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | ||||
CVE-2014-0721 | 1 Cisco | 1 Unified Sip Phone 3905 | 2024-08-06 | N/A |
The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. | ||||
CVE-2014-0676 | 1 Cisco | 1 Nx-os | 2024-08-06 | N/A |
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. | ||||
CVE-2014-0685 | 1 Cisco | 1 Cisco Nexus 1000v Intercloud | 2024-08-06 | N/A |
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. | ||||
CVE-2014-0719 | 1 Cisco | 1 Ips Sensor Software | 2024-08-06 | N/A |
The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. | ||||
CVE-2014-0678 | 1 Cisco | 1 Secure Access Control System | 2024-08-06 | N/A |
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951. | ||||
CVE-2014-0669 | 1 Cisco | 1 Asr 5000 Series Software | 2024-08-06 | N/A |
The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. | ||||
CVE-2014-0642 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. | ||||