CVE-2014-8594CVE-2014-8594

Affected configuration(s):

cpe:/o:debian:debian_linux:7.0
cpe:/o:novell:opensuse:13.1
cpe:/o:novell:opensuse:13.2
cpe:/o:xen:xen:4.0.0
cpe:/o:xen:xen:4.0.1
cpe:/o:xen:xen:4.0.2
cpe:/o:xen:xen:4.0.3
cpe:/o:xen:xen:4.0.4
cpe:/o:xen:xen:4.1.0
cpe:/o:xen:xen:4.1.1
cpe:/o:xen:xen:4.1.2
cpe:/o:xen:xen:4.1.3
cpe:/o:xen:xen:4.1.4
cpe:/o:xen:xen:4.1.5
cpe:/o:xen:xen:4.1.6.1
cpe:/o:xen:xen:4.2.0
cpe:/o:xen:xen:4.2.1
cpe:/o:xen:xen:4.2.2
cpe:/o:xen:xen:4.2.3
cpe:/o:xen:xen:4.3.0
cpe:/o:xen:xen:4.3.1

Date published: 2014-11-19T13:59:10.533-05:00

Date last modified: 2017-09-07T21:29:25.543-04:00

CVSS Score: 5.4

Principal attack vector: NETWORK

Complexity:  HIGH

Reference URL: http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html

Summary: The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).

CVE-2014-2146CVE-2014-2146

Affected configuration(s):

cpe:/o:cisco:ios:15.4%281%29t1
cpe:/o:cisco:ios_xe:15.4%283%29s

Date published: 2016-09-22T13:59:00.133-04:00

Date last modified: 2017-02-19T01:03:22.400-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://www.securityfocus.com/bid/93126

Summary: The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.

CVE-2014-4987CVE-2014-4987

Affected configuration(s):

cpe:/a:phpmyadmin:phpmyadmin:4.1.0
cpe:/a:phpmyadmin:phpmyadmin:4.1.1
cpe:/a:phpmyadmin:phpmyadmin:4.1.2
cpe:/a:phpmyadmin:phpmyadmin:4.1.3
cpe:/a:phpmyadmin:phpmyadmin:4.1.4
cpe:/a:phpmyadmin:phpmyadmin:4.1.5
cpe:/a:phpmyadmin:phpmyadmin:4.1.6
cpe:/a:phpmyadmin:phpmyadmin:4.1.7
cpe:/a:phpmyadmin:phpmyadmin:4.1.8
cpe:/a:phpmyadmin:phpmyadmin:4.1.9
cpe:/a:phpmyadmin:phpmyadmin:4.1.10
cpe:/a:phpmyadmin:phpmyadmin:4.1.11
cpe:/a:phpmyadmin:phpmyadmin:4.1.12
cpe:/a:phpmyadmin:phpmyadmin:4.1.13
cpe:/a:phpmyadmin:phpmyadmin:4.1.14
cpe:/a:phpmyadmin:phpmyadmin:4.1.14.1
cpe:/a:phpmyadmin:phpmyadmin:4.2.0
cpe:/a:phpmyadmin:phpmyadmin:4.2.1
cpe:/a:phpmyadmin:phpmyadmin:4.2.2
cpe:/a:phpmyadmin:phpmyadmin:4.2.3
cpe:/a:phpmyadmin:phpmyadmin:4.2.4
cpe:/a:phpmyadmin:phpmyadmin:4.2.5
cpe:/o:novell:opensuse:12.3
cpe:/o:novell:opensuse:13.1

Date published: 2014-07-20T07:12:51.290-04:00

Date last modified: 2016-12-30T21:59:12.640-05:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html

Summary: server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

CVE-2014-0653CVE-2014-0653

Affected configuration(s):

cpe:/h:cisco:adaptive_security_appliance

Date published: 2014-01-08T16:55:06.270-05:00

Date last modified: 2017-08-28T21:34:13.747-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0653

Summary: The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.

CVE-2014-0652CVE-2014-0652

Affected configuration(s):

cpe:/a:cisco:context_directory_agent:-

Date published: 2014-01-08T16:55:06.240-05:00

Date last modified: 2017-08-28T21:34:13.687-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0652

Summary: Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.

CVE-2014-0261CVE-2014-0261

Affected configuration(s):

cpe:/a:microsoft:dynamics_ax:4.0:sp2
cpe:/a:microsoft:dynamics_ax:2009:sp1
cpe:/a:microsoft:dynamics_ax:2012
cpe:/a:microsoft:dynamics_ax:2012:r2

Date published: 2014-01-15T11:13:03.913-05:00

Date last modified: 2016-09-20T14:14:24.307-04:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-004

Summary: Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka “Query Filter DoS Vulnerability.”

CVE-2014-0260CVE-2014-0260

Affected configuration(s):

cpe:/a:microsoft:office_compatibility_pack::sp3
cpe:/a:microsoft:office_web_apps:2010:sp1
cpe:/a:microsoft:office_web_apps:2010:sp2
cpe:/a:microsoft:office_web_apps_server:2013
cpe:/a:microsoft:sharepoint_server:2010:sp1
cpe:/a:microsoft:sharepoint_server:2010:sp2
cpe:/a:microsoft:sharepoint_server:2013
cpe:/a:microsoft:word:2003:sp3
cpe:/a:microsoft:word:2007:sp3
cpe:/a:microsoft:word:2010:sp1
cpe:/a:microsoft:word:2010:sp2
cpe:/a:microsoft:word:2013
cpe:/a:microsoft:word:2013::~~~rt~~
cpe:/a:microsoft:word_viewer

Date published: 2014-01-15T11:13:03.883-05:00

Date last modified: 2016-09-20T14:14:39.497-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-001

Summary: Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Word Memory Corruption Vulnerability.”

CVE-2014-0259CVE-2014-0259

Affected configuration(s):

cpe:/a:microsoft:office_compatibility_pack::sp3
cpe:/a:microsoft:word:2007:sp3

Date published: 2014-01-15T11:13:03.850-05:00

Date last modified: 2016-09-20T14:14:03.557-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://technet.microsoft.com/security/bulletin/MS14-001

Summary: Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Word Memory Corruption Vulnerability.”