CVE-2014-0031CVE-2014-0031

Affected configuration(s):

cpe:/a:apache:cloudstack:2.0:-:community
cpe:/a:apache:cloudstack:2.0.1
cpe:/a:apache:cloudstack:2.1.0
cpe:/a:apache:cloudstack:2.1.1
cpe:/a:apache:cloudstack:2.1.2
cpe:/a:apache:cloudstack:2.1.3
cpe:/a:apache:cloudstack:2.1.4
cpe:/a:apache:cloudstack:2.1.5
cpe:/a:apache:cloudstack:2.1.6
cpe:/a:apache:cloudstack:2.1.7
cpe:/a:apache:cloudstack:2.1.8
cpe:/a:apache:cloudstack:2.1.9
cpe:/a:apache:cloudstack:2.1.10
cpe:/a:apache:cloudstack:2.2.0
cpe:/a:apache:cloudstack:2.2.1
cpe:/a:apache:cloudstack:2.2.2
cpe:/a:apache:cloudstack:2.2.3
cpe:/a:apache:cloudstack:2.2.5
cpe:/a:apache:cloudstack:2.2.6
cpe:/a:apache:cloudstack:2.2.7
cpe:/a:apache:cloudstack:2.2.8
cpe:/a:apache:cloudstack:2.2.9
cpe:/a:apache:cloudstack:2.2.11
cpe:/a:apache:cloudstack:2.2.12
cpe:/a:apache:cloudstack:2.2.13
cpe:/a:apache:cloudstack:2.2.14
cpe:/a:apache:cloudstack:3.0.0
cpe:/a:apache:cloudstack:3.0.1
cpe:/a:apache:cloudstack:3.0.2
cpe:/a:apache:cloudstack:4.0.0:incubating
cpe:/a:apache:cloudstack:4.0.1
cpe:/a:apache:cloudstack:4.0.2
cpe:/a:apache:cloudstack:4.1.0
cpe:/a:apache:cloudstack:4.1.1
cpe:/a:apache:cloudstack:4.2.0

Date published: 2014-01-15T11:08:04.093-05:00

Date last modified: 2014-02-25T07:38:36.640-05:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl

Summary: The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

CVE-2014-0615CVE-2014-0615

Affected configuration(s):

cpe:/o:juniper:junos:10.4
cpe:/o:juniper:junos:11.4
cpe:/o:juniper:junos:12.1r
cpe:/o:juniper:junos:12.1×44
cpe:/o:juniper:junos:12.1×45
cpe:/o:juniper:junos:12.1×46
cpe:/o:juniper:junos:12.2
cpe:/o:juniper:junos:12.3
cpe:/o:juniper:junos:13.1
cpe:/o:juniper:junos:13.2
cpe:/o:juniper:junos:13.3

Date published: 2014-01-15T11:08:04.313-05:00

Date last modified: 2014-01-24T14:22:37.923-05:00

CVSS Score: 7.2

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608

Summary: Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to “certain combinations of Junos OS CLI commands and arguments.”

CVE-2014-0591CVE-2014-0591

Affected configuration(s):

cpe:/a:isc:bind:9.6-esv
cpe:/a:isc:bind:9.6-esv-r1
cpe:/a:isc:bind:9.6-esv-r2
cpe:/a:isc:bind:9.6-esv-r3
cpe:/a:isc:bind:9.6-esv-r4
cpe:/a:isc:bind:9.6-esv-r4-p1
cpe:/a:isc:bind:9.6-esv-r5
cpe:/a:isc:bind:9.6-esv-r5:p1
cpe:/a:isc:bind:9.6-esv-r5b1
cpe:/a:isc:bind:9.6-esv-r6
cpe:/a:isc:bind:9.6-esv-r6:b1
cpe:/a:isc:bind:9.6-esv-r6:rc1
cpe:/a:isc:bind:9.6-esv-r6:rc2
cpe:/a:isc:bind:9.6-esv-r7
cpe:/a:isc:bind:9.6-esv-r7:p1
cpe:/a:isc:bind:9.6-esv-r7:p2
cpe:/a:isc:bind:9.6-esv-r9
cpe:/a:isc:bind:9.6-esv-r9:p1
cpe:/a:isc:bind:9.6.0
cpe:/a:isc:bind:9.6.0:p1
cpe:/a:isc:bind:9.6.0:rc1
cpe:/a:isc:bind:9.6.0:rc2
cpe:/a:isc:bind:9.6.0a1
cpe:/a:isc:bind:9.6.0b1
cpe:/a:isc:bind:9.6.1
cpe:/a:isc:bind:9.6.1:p1
cpe:/a:isc:bind:9.6.1:p2
cpe:/a:isc:bind:9.6.1:p3
cpe:/a:isc:bind:9.6.1:rc1
cpe:/a:isc:bind:9.6.1b1
cpe:/a:isc:bind:9.6.2
cpe:/a:isc:bind:9.6.2:rc1
cpe:/a:isc:bind:9.6.2-p1
cpe:/a:isc:bind:9.6.2-p2
cpe:/a:isc:bind:9.6.2-p3
cpe:/a:isc:bind:9.6.2b1
cpe:/a:isc:bind:9.6.3
cpe:/a:isc:bind:9.6.3:rc1
cpe:/a:isc:bind:9.6.3b1
cpe:/a:isc:bind:9.7.0
cpe:/a:isc:bind:9.7.0:beta
cpe:/a:isc:bind:9.7.0:p1
cpe:/a:isc:bind:9.7.0:p2
cpe:/a:isc:bind:9.7.0:rc1
cpe:/a:isc:bind:9.7.0:rc2
cpe:/a:isc:bind:9.7.0a1
cpe:/a:isc:bind:9.7.0a2
cpe:/a:isc:bind:9.7.0a3
cpe:/a:isc:bind:9.7.0b1
cpe:/a:isc:bind:9.7.0b2
cpe:/a:isc:bind:9.7.0b3
cpe:/a:isc:bind:9.7.1
cpe:/a:isc:bind:9.7.1:p1
cpe:/a:isc:bind:9.7.1:p2
cpe:/a:isc:bind:9.7.1:rc1
cpe:/a:isc:bind:9.7.1b1
cpe:/a:isc:bind:9.7.2
cpe:/a:isc:bind:9.7.2:p1
cpe:/a:isc:bind:9.7.2:p2
cpe:/a:isc:bind:9.7.2:p3
cpe:/a:isc:bind:9.7.2:rc1
cpe:/a:isc:bind:9.7.3
cpe:/a:isc:bind:9.7.3:b1
cpe:/a:isc:bind:9.7.3:p1
cpe:/a:isc:bind:9.7.3:rc1
cpe:/a:isc:bind:9.7.4
cpe:/a:isc:bind:9.7.4:b1
cpe:/a:isc:bind:9.7.4:p1
cpe:/a:isc:bind:9.7.4:rc1
cpe:/a:isc:bind:9.7.4b1
cpe:/a:isc:bind:9.7.5
cpe:/a:isc:bind:9.7.5:b1
cpe:/a:isc:bind:9.7.5:rc1
cpe:/a:isc:bind:9.7.5:rc2
cpe:/a:isc:bind:9.7.6
cpe:/a:isc:bind:9.7.6:p1
cpe:/a:isc:bind:9.7.6:p2
cpe:/a:isc:bind:9.7.7
cpe:/a:isc:bind:9.8.0
cpe:/a:isc:bind:9.8.0:a1
cpe:/a:isc:bind:9.8.0:b1
cpe:/a:isc:bind:9.8.0:p1
cpe:/a:isc:bind:9.8.0:p2
cpe:/a:isc:bind:9.8.0:p4
cpe:/a:isc:bind:9.8.0:rc1
cpe:/a:isc:bind:9.8.1
cpe:/a:isc:bind:9.8.1:b1
cpe:/a:isc:bind:9.8.1:b2
cpe:/a:isc:bind:9.8.1:b3
cpe:/a:isc:bind:9.8.1:p1
cpe:/a:isc:bind:9.8.1:rc1
cpe:/a:isc:bind:9.8.2:b1
cpe:/a:isc:bind:9.8.2:rc1
cpe:/a:isc:bind:9.8.2:rc2
cpe:/a:isc:bind:9.8.3
cpe:/a:isc:bind:9.8.3:p1
cpe:/a:isc:bind:9.8.3:p2
cpe:/a:isc:bind:9.8.4
cpe:/a:isc:bind:9.8.5
cpe:/a:isc:bind:9.8.5:b1
cpe:/a:isc:bind:9.8.5:b2
cpe:/a:isc:bind:9.8.5:p1
cpe:/a:isc:bind:9.8.5:p2
cpe:/a:isc:bind:9.8.5:rc1
cpe:/a:isc:bind:9.8.5:rc2
cpe:/a:isc:bind:9.8.6
cpe:/a:isc:bind:9.8.6:b1
cpe:/a:isc:bind:9.8.6:p1
cpe:/a:isc:bind:9.8.6:rc1
cpe:/a:isc:bind:9.8.6:rc2
cpe:/a:isc:bind:9.9.4
cpe:/a:isc:bind:9.9.4:p1
cpe:/a:isc:bind:9.9.4:rc1
cpe:/a:isc:bind:9.9.4:rc2

Date published: 2014-01-13T23:29:56.953-05:00

Date last modified: 2017-01-06T21:59:33.140-05:00

CVSS Score: 2.6

Principal attack vector: NETWORK

Complexity:  HIGH

Reference URL: http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Summary: The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.

CVE-2014-0805CVE-2014-0805

Affected configuration(s):

cpe:/a:skyarts:neofiler:2.4.2:-:~-~lite~android~~
cpe:/a:skyarts:neofiler:5.4.3:-:~-~-~android~~
cpe:/a:skyarts:neofiler:5.4.3:-:~-~free~android~~

Date published: 2014-01-12T13:34:56.547-05:00

Date last modified: 2014-01-13T23:49:19.543-05:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://jvn.jp/en/jp/JVN85716574/index.html

Summary: Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-0804CVE-2014-0804

Affected configuration(s):

cpe:/a:cgene:security_file_manager:1.0.6:-:~-~pro~android~~
cpe:/a:cgene:security_file_manager:1.0.6:-:~-~trial~android~~

Date published: 2014-01-12T13:34:56.063-05:00

Date last modified: 2014-01-13T15:05:50.797-05:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://jvn.jp/en/jp/JVN44392991/index.html

Summary: Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-0803CVE-2014-0803

Affected configuration(s):

cpe:/a:yuichiro_okuyama:tetra_filer:1.5.1:-:~-~-~android~~
cpe:/a:yuichiro_okuyama:tetra_filer:2.3.1:-:~-~-~android~~
cpe:/a:yuichiro_okuyama:tetra_filer_free:1.5.1:-:~-~-~android~~
cpe:/a:yuichiro_okuyama:tetra_filer_free:2.3.1:-:~-~-~android~~

Date published: 2014-01-12T13:34:56.033-05:00

Date last modified: 2014-01-13T14:47:08.617-05:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://jvn.jp/en/jp/JVN51285738/index.html

Summary: Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-0802CVE-2014-0802

Affected configuration(s):

cpe:/a:aokitaka:zip_with_pass:4.5.7:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.2.1:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.2.2:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.0:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.4:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.5:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.7:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.8:-:~-~-~android~~

Date published: 2014-01-12T13:34:56.000-05:00

Date last modified: 2014-01-13T14:07:31.053-05:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://jvn.jp/en/jp/JVN88313872/index.html

Summary: Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-0618CVE-2014-0618

Affected configuration(s):

cpe:/h:juniper:srx100:-
cpe:/h:juniper:srx110:-
cpe:/h:juniper:srx1400:-
cpe:/h:juniper:srx210:-
cpe:/h:juniper:srx220:-
cpe:/h:juniper:srx240:-
cpe:/h:juniper:srx3400:-
cpe:/h:juniper:srx3600:-
cpe:/h:juniper:srx550:-
cpe:/h:juniper:srx5600:-
cpe:/h:juniper:srx5800:-
cpe:/h:juniper:srx650:-
cpe:/o:juniper:junos:10.4
cpe:/o:juniper:junos:11.4
cpe:/o:juniper:junos:12.1r
cpe:/o:juniper:junos:12.1×44
cpe:/o:juniper:junos:12.1×45

Date published: 2014-01-10T23:44:42.617-05:00

Date last modified: 2017-08-28T21:34:13.090-04:00

CVSS Score: 7.8

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www.securityfocus.com/bid/64769

Summary: Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.

CVE-2014-0977CVE-2014-0977

Affected configuration(s):

cpe:/a:sixapart:movabletype:5.0:rc2
cpe:/a:sixapart:movabletype:5.01
cpe:/a:sixapart:movabletype:5.2
cpe:/a:sixapart:movabletype:5.2.2
cpe:/a:sixapart:movabletype:5.2.3
cpe:/a:sixapart:movabletype:5.2.6
cpe:/a:sixapart:movabletype:5.2.7
cpe:/a:sixapart:movabletype:5.03
cpe:/a:sixapart:movabletype:5.04
cpe:/a:sixapart:movabletype:5.11
cpe:/a:sixapart:movabletype:5.12
cpe:/a:sixapart:movabletype:5.13
cpe:/a:sixapart:movabletype:5.14
cpe:/a:sixapart:movabletype:5.15
cpe:/a:sixapart:movabletype:5.031
cpe:/a:sixapart:movabletype:6.0

Date published: 2014-01-10T12:55:03.113-05:00

Date last modified: 2017-08-28T21:34:23.153-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304

Summary: Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-0978CVE-2014-0978

Affected configuration(s):

cpe:/a:graphviz:graphviz:2.34.0

Date published: 2014-01-10T12:55:03.237-05:00

Date last modified: 2017-08-28T21:34:23.217-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://seclists.org/oss-sec/2014/q1/28

Summary: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.