The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2014-1400 | The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | MEDIUM | Apr 10, 2018 | n/a |
CVE-2014-1399 | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | MEDIUM | Apr 10, 2018 | n/a |
CVE-2014-1398 | The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | MEDIUM | Apr 10, 2018 | n/a |
CVE-2014-1374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-1332 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-1328 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-1306 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-1288 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-1284 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2019. Reason: This candidate is a duplicate of CVE-2014-2019. Notes: All CVE users should reference CVE-2014-2019 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2014-1283 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-1277 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3948. Reason: This candidate is a duplicate of CVE-2013-3948. Notes: All CVE users should reference CVE-2013-3948 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2014-1263 | curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 certificates from HTTPS servers that are accessed using a numerical IP address, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | Medium | Feb 27, 2014 | n/a |
CVE-2014-1238 | Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier. | MEDIUM | Nov 25, 2019 | n/a |
CVE-2014-1235 | Stack-based buffer overflow in the yyerror function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978. | Medium | Aug 9, 2017 | n/a |
CVE-2014-1226 | The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876. | HIGH | Apr 6, 2018 | n/a |
CVE-2014-1215 | Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry. | MEDIUM | Mar 20, 2018 | n/a |
CVE-2014-1214 | views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter. | MEDIUM | Nov 13, 2019 | n/a |
CVE-2014-1203 | The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. | -- | Oct 24, 2017 | n/a |
CVE-2014-1155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9580. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9580 instead of this candidate | -- | Nov 7, 2023 | n/a |
CVE-2014-1137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-2014-9582. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9445, CVE-2014-9581, or CVE-2014-9582 instead of this candidate | -- | Nov 7, 2023 | n/a |
CVE-2014-1004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9456. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9456 instead of this candidate | -- | Nov 7, 2023 | n/a |
CVE-2014-0997 | WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | -- | Sep 25, 2017 | n/a |
CVE-2014-0982 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0981. Reason: This issue was MERGED into CVE-2014-0981 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2014-0950 | Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92623. | MEDIUM | Apr 20, 2018 | n/a |
CVE-2014-0931 | Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through 7.1.2.13, 8.0 through 8.0.0.10, and 8.0.1 through 8.0.1.3 allow remote attackers to cause a denial of service or access other servers via crafted XML data. IBM X-Force ID: 92263. | MEDIUM | Apr 20, 2018 | n/a |
CVE-2014-0927 | The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. | MEDIUM | Apr 20, 2018 | n/a |
CVE-2014-0912 | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. | MEDIUM | Apr 20, 2018 | n/a |
CVE-2014-0900 | The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. | MEDIUM | Apr 20, 2018 | n/a |
CVE-2014-0883 | Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user name on the logon screen. IBM X-Force ID: 91163. | MEDIUM | Apr 20, 2018 | n/a |
CVE-2014-0882 | Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149. | MEDIUM | Apr 25, 2018 | n/a |
CVE-2014-0881 | The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146. | MEDIUM | Apr 25, 2018 | n/a |
CVE-2014-0872 | The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ID: 90988. | LOW | Apr 25, 2018 | n/a |
CVE-2014-0841 | IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704. | LOW | Apr 27, 2018 | n/a |
CVE-2014-0788 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0785 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0775 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0756 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0744 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0691 | Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. | -- | Oct 24, 2017 | n/a |
CVE-2014-0631 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0606 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0603. Reason: This issue was MERGED into CVE-2014-0603 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0603 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2014-0594 | In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user\'s consent. | MEDIUM | Jun 8, 2018 | n/a |
CVE-2014-0593 | The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server. | HIGH | Jun 8, 2018 | n/a |
CVE-2014-0579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0575 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0530 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0486 | Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | MEDIUM | Mar 27, 2018 | n/a |
CVE-2014-0409 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2014-0360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2741. Reason: This candidate is a duplicate of CVE-2014-2741. Notes: All CVE users should reference CVE-2014-2741 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2014-0352 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2216. Reason: This candidate is a reservation duplicate of CVE-2014-2216. Notes: All CVE users should reference CVE-2014-2216 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |