| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2014-2671 | 119 | 1 | DoS Overflow Mem. Corr. | 2014-03-31 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. |
| 2 | CVE-2014-2670 | 79 | | XSS | 2014-03-29 | 2015-07-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. |
| 3 | CVE-2014-2669 | 189 | | Overflow | 2014-03-31 | 2017-12-16 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow. NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions. |
| 4 | CVE-2014-2668 | 20 | 1 | DoS | 2014-03-28 | 2017-12-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. |
| 5 | CVE-2014-2653 | 20 | | | 2014-03-27 | 2017-01-07 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. |
| 6 | CVE-2014-2599 | 20 | | DoS | 2014-03-28 | 2017-01-07 | 4.9 | None | Local | Low | Not required | None | None | Complete | The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input. |
| 7 | CVE-2014-2589 | 79 | | XSS | 2014-03-24 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter. |
| 8 | CVE-2014-2588 | 22 | 1 | Dir. Trav. | 2014-03-24 | 2017-08-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. |
| 9 | CVE-2014-2587 | 89 | 1 | Exec Code Sql | 2014-03-24 | 2017-08-29 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter). |
| 10 | CVE-2014-2586 | 79 | 1 | XSS | 2014-03-24 | 2014-03-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password. |
| 11 | CVE-2014-2585 | 20 | | | 2014-03-24 | 2014-03-24 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. |
| 12 | CVE-2014-2573 | 264 | | DoS Bypass | 2014-03-25 | 2014-03-26 | 2.3 | None | Local Network | Medium | ??? | None | None | Partial | The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image. |
| 13 | CVE-2014-2572 | 264 | | | 2014-03-24 | 2020-12-01 | 4.0 | None | Remote | Low | ??? | None | Partial | None | mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors. |
| 14 | CVE-2014-2571 | 79 | | XSS | 2014-03-24 | 2020-12-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question. |
| 15 | CVE-2014-2568 | 416 | | +Info | 2014-03-24 | 2019-05-10 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None | Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced. |
| 16 | CVE-2014-2567 | 200 | | +Info | 2014-03-21 | 2014-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command. |
| 17 | CVE-2014-2538 | 79 | | XSS | 2014-03-25 | 2015-10-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack. |
| 18 | CVE-2014-2537 | 399 | | DoS | 2014-03-18 | 2014-04-01 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| 19 | CVE-2014-2536 | 22 | | Dir. Trav. | 2014-03-18 | 2014-04-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. |
| 20 | CVE-2014-2535 | 22 | | Dir. Trav. | 2014-03-18 | 2018-12-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. |
| 21 | CVE-2014-2534 | 264 | 1 | +Info | 2014-03-18 | 2014-04-01 | 4.9 | None | Local | Low | Not required | Complete | None | None | /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow. |
| 22 | CVE-2014-2533 | 264 | 1 | +Priv | 2014-03-18 | 2018-10-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. |
| 23 | CVE-2014-2532 | 264 | | Bypass | 2014-03-18 | 2018-07-19 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. |
| 24 | CVE-2014-2526 | 79 | | XSS | 2014-03-25 | 2021-05-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/. |
| 25 | CVE-2014-2525 | 119 | | Exec Code Overflow | 2014-03-28 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. |
| 26 | CVE-2014-2523 | 20 | | DoS Exec Code | 2014-03-24 | 2020-08-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. |
| 27 | CVE-2014-2497 | 399 | | DoS | 2014-03-21 | 2017-01-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. |
| 28 | CVE-2014-2386 | 189 | | DoS Overflow | 2014-03-25 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow. |
| 29 | CVE-2014-2339 | 89 | | Exec Code Sql | 2014-03-19 | 2017-08-29 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. |
| 30 | CVE-2014-2326 | 79 | | XSS | 2014-03-27 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 31 | CVE-2014-2325 | 79 | | XSS | 2014-03-14 | 2014-03-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm. |
| 32 | CVE-2014-2324 | 22 | | Dir. Trav. | 2014-03-14 | 2021-02-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. |
| 33 | CVE-2014-2323 | 89 | | Exec Code Sql | 2014-03-14 | 2021-02-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. |
| 34 | CVE-2014-2321 | 264 | | | 2014-03-11 | 2014-03-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. |
| 35 | CVE-2014-2319 | 310 | | +Info | 2014-03-14 | 2014-03-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack. |
| 36 | CVE-2014-2318 | 89 | | Exec Code Sql | 2014-03-11 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. |
| 37 | CVE-2014-2317 | 89 | | Exec Code Sql | 2014-03-09 | 2014-03-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. |
| 38 | CVE-2014-2316 | 89 | | Exec Code Sql | 2014-03-09 | 2015-08-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 39 | CVE-2014-2315 | 79 | | XSS | 2014-03-09 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php. |
| 40 | CVE-2014-2314 | 22 | 1 | Dir. Trav. | 2014-03-09 | 2015-07-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. |
| 41 | CVE-2014-2313 | 22 | | Dir. Trav. | 2014-03-09 | 2014-03-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. |
| 42 | CVE-2014-2311 | 89 | | Exec Code Sql | 2014-03-11 | 2019-10-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 43 | CVE-2014-2309 | 119 | | DoS Overflow | 2014-03-11 | 2020-08-27 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. |
| 44 | CVE-2014-2299 | 119 | 1 | DoS Exec Code Overflow | 2014-03-11 | 2016-06-02 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. |
| 45 | CVE-2014-2292 | | | +Priv | 2014-03-14 | 2014-03-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors. |
| 46 | CVE-2014-2291 | 79 | | XSS | 2014-03-14 | 2017-08-29 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 47 | CVE-2014-2284 | 20 | | DoS | 2014-03-24 | 2014-09-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. |
| 48 | CVE-2014-2283 | | | DoS | 2014-03-11 | 2015-08-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. |
| 49 | CVE-2014-2282 | 119 | | DoS Overflow | 2014-03-11 | 2016-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. |
| 50 | CVE-2014-2281 | 20 | | DoS Mem. Corr. | 2014-03-11 | 2015-08-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. |