Total
4131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2075 | 1 Tibco | 2 Enterprise Administrator, Enterprise Administrator Sdk | 2026-06-17 | 10.0 HIGH | N/A |
| TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-2066 | 1 Jenkins | 1 Jenkins | 2026-06-17 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | |||||
| CVE-2014-2062 | 1 Jenkins | 1 Jenkins | 2026-06-17 | 6.5 MEDIUM | N/A |
| Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2014-2047 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2026-06-17 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2014-2005 | 1 Sophos | 1 Enterprise Console | 2026-06-17 | 6.9 MEDIUM | 6.8 MEDIUM |
| Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | |||||
| CVE-2014-1984 | 1 Cybozu | 1 Remote Service Manager | 2026-06-17 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2026-06-17 | 10.0 HIGH | N/A |
| The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | |||||
| CVE-2014-1911 | 1 Foscam | 2 Fi8919w, Fi8919w Firmware | 2026-06-17 | 7.8 HIGH | N/A |
| The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. | |||||
| CVE-2014-1867 | 1 Suphp | 1 Suphp | 2026-06-17 | 4.4 MEDIUM | 7.8 HIGH |
| suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | |||||
| CVE-2014-1682 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2026-06-17 | 4.0 MEDIUM | N/A |
| The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | |||||
| CVE-2014-1517 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2026-06-17 | 4.0 MEDIUM | N/A |
| The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue. | |||||
| CVE-2014-1295 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2026-06-17 | 6.8 MEDIUM | N/A |
| Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | |||||
| CVE-2014-125060 | 1 Collabcal Project | 1 Collabcal | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-10389 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | |||||
| CVE-2014-10067 | 1 Paypal-ipn Project | 1 Paypal-ipn | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production. | |||||
| CVE-2014-0973 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2026-06-17 | 7.2 HIGH | N/A |
| The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data. | |||||
| CVE-2014-0927 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2026-06-17 | 4.3 MEDIUM | 8.1 HIGH |
| The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. | |||||
| CVE-2014-0769 | 3 3s-software, Festo, Softmotion3d | 4 Codesys Runtime System, Cecx-x-c1 Modular Master Controller, Cecx-x-m1 Modular Controller and 1 more | 2026-06-17 | 9.3 HIGH | N/A |
| The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | |||||
| CVE-2014-0760 | 3 3s-software, Festo, Softmotion3d | 4 Codesys Runtime System, Cecx-x-c1 Modular Master Controller, Cecx-x-m1 Modular Controller and 1 more | 2026-06-17 | 9.3 HIGH | N/A |
| The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2014-0743 | 1 Cisco | 1 Unified Communications Manager | 2026-06-17 | 5.0 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | |||||