Vulnerabilities (CVE)

Filtered by CWE-20
Total 11597 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2554 2 Opensuse, Otrs 2 Opensuse, Otrs 2026-06-17 4.3 MEDIUM N/A
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
CVE-2014-2532 2 Openbsd, Oracle 2 Openssh, Communications User Data Repository 2026-06-17 5.8 MEDIUM 4.2 MEDIUM
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
CVE-2014-2523 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2026-06-17 10.0 HIGH N/A
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
CVE-2014-2522 2 Haxx, Microsoft 3 Curl, Libcurl, Windows 2026-06-17 4.0 MEDIUM N/A
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
CVE-2014-2514 1 Emc 1 Documentum Content Server 2026-06-17 8.2 HIGH N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.
CVE-2014-2513 1 Emc 1 Documentum Content Server 2026-06-17 8.2 HIGH N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.
CVE-2014-2508 1 Emc 1 Documentum Content Server 2026-06-17 7.5 HIGH N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.
CVE-2014-2503 1 Emc 1 Documentum Digital Asset Manager 2026-06-17 7.5 HIGH N/A
The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.
CVE-2014-2360 1 Oleumtech 2 Sensor Wireless I\/o Module, Wio Dh2 Wireless Gateway 2026-06-17 5.0 MEDIUM N/A
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.
CVE-2014-2357 1 Subnet 1 Substation Server 2026-06-17 8.3 HIGH N/A
The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.
CVE-2014-2346 1 Copadata 2 Zenon Dnp3 Ng Driver, Zenon Dnp3 Process Gateway 2026-06-17 4.0 MEDIUM N/A
COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line.
CVE-2014-2345 1 Copadata 2 Zenon Dnp3 Ng Driver, Zenon Dnp3 Process Gateway 2026-06-17 7.1 HIGH N/A
COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP.
CVE-2014-2343 1 Trianglemicroworks 1 Scada Data Gateway 2026-06-17 1.2 LOW N/A
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.
CVE-2014-2342 1 Trianglemicroworks 1 Scada Data Gateway 2026-06-17 4.3 MEDIUM N/A
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.
CVE-2014-2332 1 Check Mk Project 1 Check Mk 2026-06-17 5.5 MEDIUM N/A
Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
CVE-2014-2310 1 Net-snmp 1 Net-snmp 2026-06-17 5.0 MEDIUM N/A
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
CVE-2014-2304 1 Projectfloodlight 1 Open Sdn Controller 2026-06-17 5.0 MEDIUM 7.5 HIGH
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.
CVE-2014-2289 1 Digium 1 Asterisk 2026-06-17 3.5 LOW N/A
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.
CVE-2014-2288 1 Digium 1 Asterisk 2026-06-17 4.3 MEDIUM N/A
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.
CVE-2014-2287 2 Digium, Fedoraproject 3 Asterisk, Certified Asterisk, Fedora 2026-06-17 3.5 LOW N/A
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.