Search Results (9530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1996 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
CVE-2014-2033 1 Bluecoat 1 Proxysgos 2025-04-12 N/A
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.
CVE-2014-2049 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
CVE-2014-2068 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
CVE-2014-2173 1 Cisco 2 Telepresence Tc Software, Telepresence Te Software 2025-04-12 N/A
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.
CVE-2014-2200 1 Cisco 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more 2025-04-12 N/A
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.
CVE-2014-2646 1 Hp 1 Network Automation 2025-04-12 N/A
Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors.
CVE-2014-2690 1 Citrix 1 Vdi-in-a-box 2025-04-12 N/A
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
CVE-2014-2684 1 Zend 2 Zend Framework, Zendopenid 2025-04-12 N/A
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values.
CVE-2014-2745 1 Prosody 1 Prosody 2025-04-12 N/A
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.
CVE-2014-2746 1 Tigase 1 Tigase 2025-04-12 N/A
net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
CVE-2014-2748 1 Sap 2 Enhancement Package, Erp 2025-04-12 N/A
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2014-2829 1 Erlang-solutions 1 Mongooseim 2025-04-12 N/A
Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
CVE-2014-3476 3 Openstack, Redhat, Suse 3 Keystone, Openstack, Cloud 2025-04-12 N/A
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
CVE-2014-3559 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2025-04-12 N/A
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
CVE-2014-3602 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
CVE-2014-3617 1 Moodle 1 Moodle 2025-04-12 N/A
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.
CVE-2013-1973 1 Autocomplete Widgets Project 1 Autocomplete Widgets 2025-04-12 N/A
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors.
CVE-2014-4427 1 Apple 1 Mac Os X 2025-04-12 N/A
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
CVE-2014-4451 1 Apple 1 Iphone Os 2025-04-12 N/A
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.