Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 150584 entries
IDDescriptionPriorityModified date
CVE-2014-3901 Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet. High Aug 14, 2014
CVE-2014-3904 SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. High Aug 18, 2014
CVE-2014-3906 SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. High Aug 19, 2014
CVE-2014-3911 Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. High Jun 12, 2014
CVE-2014-3912 Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value. High Jun 6, 2014
CVE-2014-3913 Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file. High Jun 5, 2014
CVE-2014-3914 Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet. High Aug 7, 2014
CVE-2014-3915 The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. High Jun 12, 2014
CVE-2014-3932 SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. High Jun 3, 2014
CVE-2014-3934 SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. High Jun 3, 2014
CVE-2014-3935 SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. High Jun 3, 2014
CVE-2014-3936 Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request. High Jun 3, 2014
CVE-2014-3937 SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. High Jun 3, 2014
CVE-2014-3938 Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow. High Jul 23, 2014
CVE-2014-3939 Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file. High Jul 23, 2014
CVE-2014-3947 Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.Vendor advisory - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007/ High Oct 10, 2014
CVE-2014-3954 Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message. High Oct 28, 2014
CVE-2014-3961 SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an output CSV action to pdb-signup/. High Jun 5, 2014
CVE-2014-3962 Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. High Jun 5, 2014
CVE-2014-3969 Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. High Jun 13, 2014
CVE-2014-3973 Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. High Jun 6, 2014
CVE-2014-3984 Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors. High Jun 9, 2014
CVE-2014-3996 SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. High Dec 5, 2014
CVE-2014-3997 SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. High Dec 5, 2014
CVE-2014-4003 The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. High Jun 10, 2014
CVE-2014-4014 The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. High Jun 23, 2014
CVE-2014-4018 The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. High Jul 16, 2014
CVE-2014-4034 SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. High Jun 12, 2014
CVE-2014-4043 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. High Oct 7, 2014
CVE-2014-4050 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4055, and CVE-2014-4067. High Aug 13, 2014
CVE-2014-4051 Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2784. High Aug 13, 2014
CVE-2014-4052 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability. High Aug 13, 2014
CVE-2014-4055 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067. High Aug 13, 2014
CVE-2014-4056 Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability. High Aug 13, 2014
CVE-2014-4057 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-2823. High Aug 13, 2014
CVE-2014-4058 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability. High Aug 13, 2014
CVE-2014-4059 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2799, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. High Sep 10, 2014
CVE-2014-4063 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827. High Aug 13, 2014
CVE-2014-4065 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. High Sep 10, 2014
CVE-2014-4067 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4055. High Aug 13, 2014
CVE-2014-4073 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka .NET ClickOnce Elevation of Privilege Vulnerability. High Oct 16, 2014
CVE-2014-4076 Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka TCP/IP Elevation of Privilege Vulnerability. High Nov 12, 2014
CVE-2014-4077 Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka Microsoft IME (Japanese) Elevation of Privilege Vulnerability, as exploited in the wild in 2014. High Nov 12, 2014
CVE-2014-4079 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. High Sep 10, 2014
CVE-2014-4080 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-4089, CVE-2014-4091, and CVE-2014-4102. High Sep 10, 2014
CVE-2014-4081 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. High Sep 10, 2014
CVE-2014-4082 Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability. High Sep 10, 2014
CVE-2014-4083 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. High Sep 10, 2014
CVE-2014-4084 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-4093. High Sep 10, 2014
CVE-2014-4085 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability, a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. High Sep 10, 2014
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online