| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-3947 | 264 | | Overflow +Priv | 2018-04-24 | 2018-06-04 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call. |
| 2 | CVE-2013-5391 | 310 | | | 2018-04-27 | 2018-06-04 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128. |
| 3 | CVE-2013-5461 | 255 | | | 2018-04-27 | 2018-06-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309. |
| 4 | CVE-2013-6739 | 284 | | Bypass | 2018-04-27 | 2018-06-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855. |
| 5 | CVE-2013-6876 | 264 | | +Priv | 2018-04-06 | 2018-10-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed. |
| 6 | CVE-2013-7201 | 295 | | +Info | 2018-04-27 | 2018-06-13 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. |
| 7 | CVE-2013-7202 | 264 | | | 2018-04-27 | 2018-06-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. |
| 8 | CVE-2013-7245 | 285 | | Bypass | 2018-04-24 | 2018-06-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. |
| 9 | CVE-2014-0158 | 119 | | DoS Overflow | 2018-04-10 | 2020-09-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null pointer dereferences, division by zero, and anything that would just fit as DoS." |
| 10 | CVE-2014-0841 | 326 | | | 2018-04-27 | 2018-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704. |
| 11 | CVE-2014-0872 | 255 | | +Info | 2018-04-25 | 2018-06-13 | 1.5 | None | Local | Medium | ??? | Partial | None | None | The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. |
| 12 | CVE-2014-0881 | 284 | | DoS +Info | 2018-04-25 | 2018-06-04 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. |
| 13 | CVE-2014-0882 | 200 | | +Info | 2018-04-25 | 2018-06-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149. |
| 14 | CVE-2014-0883 | 79 | | XSS | 2018-04-20 | 2018-05-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user name on the logon screen. IBM X-Force ID: 91163. |
| 15 | CVE-2014-0900 | 20 | | Bypass | 2018-04-20 | 2018-05-23 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. |
| 16 | CVE-2014-0912 | 200 | | +Info | 2018-04-20 | 2018-05-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. |
| 17 | CVE-2014-0927 | 287 | | Bypass | 2018-04-20 | 2018-05-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. |
| 18 | CVE-2014-0931 | 611 | | DoS | 2018-04-20 | 2018-05-22 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263. |
| 19 | CVE-2014-0950 | 611 | | DoS | 2018-04-20 | 2018-05-24 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. |
| 20 | CVE-2014-1226 | 264 | | +Priv | 2018-04-06 | 2018-10-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876. |
| 21 | CVE-2014-1398 | 284 | | Bypass | 2018-04-10 | 2018-05-18 | 4.0 | None | Remote | Low | ??? | None | Partial | None | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. |
| 22 | CVE-2014-1399 | 284 | | Bypass | 2018-04-10 | 2018-05-18 | 4.0 | None | Remote | Low | ??? | None | Partial | None | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. |
| 23 | CVE-2014-1400 | 284 | | Bypass | 2018-04-10 | 2018-05-18 | 4.0 | None | Remote | Low | ??? | None | Partial | None | The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. |
| 24 | CVE-2014-1686 | 200 | | +Info | 2018-04-16 | 2018-05-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. |
| 25 | CVE-2014-1845 | 264 | | +Priv | 2018-04-27 | 2018-06-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. |
| 26 | CVE-2014-1846 | 264 | | +Priv | 2018-04-27 | 2018-06-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. |
| 27 | CVE-2014-1889 | 264 | | | 2018-04-10 | 2019-04-26 | 4.0 | None | Remote | Low | ??? | None | Partial | None | The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. |
| 28 | CVE-2014-1946 | 264 | | Bypass | 2018-04-10 | 2019-04-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. |
| 29 | CVE-2014-2069 | 22 | | Dir. Trav. | 2018-04-16 | 2018-05-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. |
| 30 | CVE-2014-2073 | 787 | | Exec Code Overflow | 2018-04-10 | 2021-09-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus." |
| 31 | CVE-2014-2078 | 200 | | +Info | 2018-04-10 | 2019-04-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. |
| 32 | CVE-2014-2294 | 74 | | | 2018-04-17 | 2018-05-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. |
| 33 | CVE-2014-2359 | 200 | | +Info | 2018-04-06 | 2018-05-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data. |
| 34 | CVE-2014-2552 | 264 | | | 2018-04-27 | 2018-06-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. |
| 35 | CVE-2014-3114 | 77 | | Exec Code | 2018-04-10 | 2018-05-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. |
| 36 | CVE-2014-3413 | 798 | | +Info | 2018-04-05 | 2018-08-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. |
| 37 | CVE-2014-3539 | | | Exec Code | 2018-04-06 | 2020-09-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load. |
| 38 | CVE-2014-3999 | 287 | | Bypass | 2018-04-10 | 2018-05-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. |
| 39 | CVE-2014-4782 | 200 | | +Info | 2018-04-20 | 2018-05-22 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029. |
| 40 | CVE-2014-5014 | 77 | | Exec Code | 2018-04-25 | 2018-05-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. |
| 41 | CVE-2014-5034 | 352 | | CSRF | 2018-04-06 | 2018-05-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. |
| 42 | CVE-2014-5072 | 352 | | CSRF | 2018-04-06 | 2018-05-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| 43 | CVE-2014-6108 | 200 | | +Info | 2018-04-20 | 2018-05-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. |
| 44 | CVE-2014-6109 | 200 | | Bypass +Info | 2018-04-20 | 2018-05-22 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. |
| 45 | CVE-2014-6111 | 255 | | | 2018-04-20 | 2018-05-22 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. |
| 46 | CVE-2014-6112 | 200 | | +Info | 2018-04-20 | 2018-05-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. |
| 47 | CVE-2014-6120 | 77 | | Exec Code | 2018-04-12 | 2018-05-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. |
| 48 | CVE-2014-6169 | 79 | | XSS | 2018-04-12 | 2018-05-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777. |
| 49 | CVE-2014-6309 | 200 | | +Info | 2018-04-12 | 2021-04-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. |
| 50 | CVE-2014-6412 | 640 | | | 2018-04-12 | 2018-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. |