Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 251985 entries
IDDescriptionPriorityModified date
CVE-2014-2112 The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. High Mar 28, 2014
CVE-2014-2111 The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. High Mar 28, 2014
CVE-2014-2109 The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. High Mar 28, 2014
CVE-2014-2108 Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. High Mar 28, 2014
CVE-2014-2107 Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789. High Mar 28, 2014
CVE-2014-2106 Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. High Mar 28, 2014
CVE-2014-2104 Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. Medium Mar 3, 2014
CVE-2014-2103 Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. Medium Feb 28, 2014
CVE-2014-2102 Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. Medium Feb 27, 2014
CVE-2014-2099 The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. Medium Mar 3, 2014
CVE-2014-2098 libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data. Medium Mar 3, 2014
CVE-2014-2097 The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom\'s lossless Audio Kompressor) data. Medium Mar 3, 2014
CVE-2014-2096 Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory. Low Feb 26, 2014
CVE-2014-2095 Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory. Low Feb 26, 2014
CVE-2014-2094 Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory. Low Feb 26, 2014
CVE-2014-2093 Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory. Low Feb 26, 2014
CVE-2014-2092 Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. Medium Mar 3, 2014
CVE-2014-2091 Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries. Low Mar 3, 2014
CVE-2014-2090 Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter. Low Mar 3, 2014
CVE-2014-2089 ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. Medium Mar 3, 2014
CVE-2014-2088 Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.Per: http://cwe.mitre.org/data/definitions/434.html CWE-434: Unrestricted Upload of File with Dangerous Type Medium Mar 3, 2014
CVE-2014-2087 Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user. High Mar 19, 2014
CVE-2014-2085 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2084. Reason: This issue was MERGED into CVE-2014-2084 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-2084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023
CVE-2014-2084 Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown. High May 19, 2014
CVE-2014-2081 Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. High Oct 24, 2014
CVE-2014-2080 Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Evolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the a parameter. Medium Mar 3, 2014
CVE-2014-2079 X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. LOW Jul 16, 2018
CVE-2014-2078 The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts. MEDIUM Apr 10, 2018
CVE-2014-2077 Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria tags for screenreaders at the top bar'. Medium Mar 24, 2014
CVE-2014-2075 TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. High Feb 27, 2014
CVE-2014-2073 Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to CATV5_Backbone_Bus. HIGH Apr 10, 2018
CVE-2014-2072 Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks HIGH Jan 17, 2020
CVE-2014-2071 Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. MEDIUM Jan 8, 2018
CVE-2014-2069 Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. MEDIUM Apr 16, 2018
CVE-2014-2068 The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. Low Oct 23, 2014
CVE-2014-2067 Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a remote cause note. Low Mar 3, 2014
CVE-2014-2066 Session fixation vulnerability in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the override of Jenkins cookies. Medium Oct 23, 2014
CVE-2014-2065 Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. Medium Oct 23, 2014
CVE-2014-2064 The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. Medium Oct 23, 2014
CVE-2014-2063 CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. High Oct 23, 2014
CVE-2014-2062 CloudBees Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. Medium Oct 23, 2014
CVE-2014-2061 The input control in PasswordParameterDefinition in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. Medium Oct 23, 2014
CVE-2014-2060 The Winstone servlet container in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. Medium Oct 23, 2014
CVE-2014-2059 Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. Medium Mar 4, 2014
CVE-2014-2058 BuildTrigger in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330. Medium Oct 23, 2014
CVE-2014-2057 Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium Mar 24, 2014
CVE-2014-2056 PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.Per: http://cwe.mitre.org/data/definitions/611.html CWE-611: Improper Restriction of XML External Entity Reference ('XXE') High Jun 4, 2014
CVE-2014-2055 SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.Per: http://cwe.mitre.org/data/definitions/611.html CWE-611: Improper Restriction of XML External Entity Reference ('XXE') High Jun 4, 2014
CVE-2014-2054 PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.Per: http://cwe.mitre.org/data/definitions/611.html CWE-611: Improper Restriction of XML External Entity Reference ('XXE') High Jun 4, 2014
CVE-2014-2053 getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.Per: http://cwe.mitre.org/data/definitions/611.html CWE-611: Improper Restriction of XML External Entity Reference ('XXE') High Jun 4, 2014
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online