Vulnerabilities (CVE)

Filtered by CWE-20
Total 11597 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0654 1 Cisco 1 Context Directory Agent 2026-06-17 4.3 MEDIUM N/A
Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383.
CVE-2014-0653 1 Cisco 1 Adaptive Security Appliance 2026-06-17 4.3 MEDIUM N/A
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.
CVE-2014-0650 1 Cisco 1 Secure Access Control System 2026-06-17 10.0 HIGH N/A
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.
CVE-2014-0634 1 Emc 1 Vplex Geosynchrony 2026-06-17 6.0 MEDIUM N/A
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2014-0633 1 Emc 1 Vplex Geosynchrony 2026-06-17 7.7 HIGH N/A
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
CVE-2014-0628 1 Dell 1 Bsafe Micro-edition-suite 2026-06-17 5.0 MEDIUM N/A
The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVE-2014-0593 1 Opensuse 1 Open Build Service 2026-06-17 10.0 HIGH 7.8 HIGH
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.
CVE-2014-0490 2 Debian, Linux 2 Advanced Package Tool, Linux Kernel 2026-06-17 7.5 HIGH N/A
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
CVE-2014-0489 1 Debian 1 Advanced Package Tool 2026-06-17 7.5 HIGH N/A
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
CVE-2014-0488 1 Debian 1 Advanced Package Tool 2026-06-17 6.8 MEDIUM N/A
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
CVE-2014-0486 1 Nic 1 Knot Cms 2026-06-17 5.0 MEDIUM 7.5 HIGH
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.
CVE-2014-0480 2 Djangoproject, Opensuse 2 Django, Opensuse 2026-06-17 5.8 MEDIUM N/A
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
CVE-2014-0478 1 Debian 1 Advanced Package Tool 2026-06-17 4.0 MEDIUM N/A
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
CVE-2014-0476 2 Canonical, Chkrootkit 2 Ubuntu Linux, Chkrootkit 2026-06-17 3.7 LOW N/A
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
CVE-2014-0317 1 Microsoft 5 Windows Server 2003, Windows Server 2008, Windows Server 2012 and 2 more 2026-06-17 5.4 MEDIUM N/A
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."
CVE-2014-0261 1 Microsoft 1 Dynamics Ax 2026-06-17 4.0 MEDIUM N/A
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."
CVE-2014-0257 1 Microsoft 1 .net Framework 2026-06-17 9.3 HIGH N/A
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
CVE-2014-0256 1 Microsoft 2 Windows Server 2008, Windows Server 2012 2026-06-17 5.0 MEDIUM N/A
Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."
CVE-2014-0255 1 Microsoft 2 Windows Server 2008, Windows Server 2012 2026-06-17 5.0 MEDIUM N/A
Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."
CVE-2014-0254 1 Microsoft 3 Windows 8, Windows Rt, Windows Server 2012 2026-06-17 7.8 HIGH N/A
The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."