| ID: CVE-2014-8014 |
Title: Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. |
Type: Hardware |
Bulletins:
CVE-2014-8014 |
Severity: Medium |
| Description: Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. | ||||
| Applies to: |
Created: 2014-12-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9322 |
Title: arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9322 |
Severity: High |
| Description: arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | ||||
| Applies to: |
Created: 2014-12-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8609 |
Title: The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for... |
Type: Mobile Devices |
Bulletins:
CVE-2014-8609 |
Severity: High |
| Description: The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. | ||||
| Applies to: |
Created: 2014-12-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8507 |
Title: Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary... |
Type: Mobile Devices |
Bulletins:
CVE-2014-8507 SFBID71310 |
Severity: High |
| Description: Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. | ||||
| Applies to: |
Created: 2014-12-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7911 |
Title: luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-7911 |
Severity: High |
| Description: luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. | ||||
| Applies to: |
Created: 2014-12-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8610 |
Title: AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or... |
Type: Mobile Devices |
Bulletins:
CVE-2014-8610 |
Severity: Low |
| Description: AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. | ||||
| Applies to: |
Created: 2014-12-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8005 |
Title: Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. |
Type: Hardware |
Bulletins:
CVE-2014-8005 SFBID71287 |
Severity: Medium |
| Description: Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239. | ||||
| Applies to: |
Created: 2014-11-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8004 |
Title: Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. |
Type: Hardware |
Bulletins:
CVE-2014-8004 |
Severity: Medium |
| Description: Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | ||||
| Applies to: |
Created: 2014-11-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4457 |
Title: The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time... |
Type: Mobile Devices |
Bulletins:
CVE-2014-4457 SFBID71143 |
Severity: High |
| Description: The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | ||||
| Applies to: |
Created: 2014-11-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4460 |
Title: CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive... |
Type: Mobile Devices |
Bulletins:
CVE-2014-4460 SFBID71135 |
Severity: Low |
| Description: CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files. | ||||
| Applies to: |
Created: 2014-11-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4451 |
Title: Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4451 SFBID71138 |
Severity: High |
| Description: Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | ||||
| Applies to: |
Created: 2014-11-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4453 |
Title: Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via... |
Type: Mobile Devices |
Bulletins:
CVE-2014-4453 SFBID71135 |
Severity: Medium |
| Description: Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| Applies to: |
Created: 2014-11-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4463 |
Title: Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4463 SFBID71141 |
Severity: Low |
| Description: Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | ||||
| Applies to: |
Created: 2014-11-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7992 |
Title: The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. |
Type: Hardware |
Bulletins:
CVE-2014-7992 SFBID71145 |
Severity: Medium |
| Description: The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. | ||||
| Applies to: |
Created: 2014-11-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7997 |
Title: The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by... |
Type: Hardware |
Bulletins:
CVE-2014-7997 |
Severity: Medium |
| Description: The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. | ||||
| Applies to: |
Created: 2014-11-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7998 |
Title: Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. |
Type: Hardware |
Bulletins:
CVE-2014-7998 |
Severity: High |
| Description: Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | ||||
| Applies to: |
Created: 2014-11-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7991 |
Title: The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS... |
Type: Hardware |
Bulletins:
CVE-2014-7991 SFBID71013 |
Severity: Medium |
| Description: The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-11-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3366 |
Title: SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. |
Type: Hardware |
Bulletins:
CVE-2014-3366 SFBID70855 |
Severity: Medium |
| Description: SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3375 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. |
Type: Hardware |
Bulletins:
CVE-2014-3375 SFBID70850 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3372 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. |
Type: Hardware |
Bulletins:
CVE-2014-3372 SFBID70846 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3373 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2014-3373 SFBID70848 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3374 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. |
Type: Hardware |
Bulletins:
CVE-2014-3374 SFBID70849 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3409 |
Title: The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. |
Type: Hardware |
Bulletins:
CVE-2014-3409 SFBID70715 |
Severity: Medium |
| Description: The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406. | ||||
| Applies to: |
Created: 2014-10-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4450 |
Title: The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading... |
Type: Mobile Devices |
Bulletins:
CVE-2014-4450 SFBID70660 |
Severity: Low |
| Description: The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. | ||||
| Applies to: |
Created: 2014-10-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4449 |
Title: iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4449 SFBID70659 |
Severity: Medium |
| Description: iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| Applies to: |
Created: 2014-10-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4448 |
Title: House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4448 SFBID70661 |
Severity: Low |
| Description: House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | ||||
| Applies to: |
Created: 2014-10-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3566 |
Title: POODLE: SSLv3 vulnerability |
Type: Web |
Bulletins:
CVE-2014-3566 |
Severity: Medium |
| Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||||
| Applies to: |
Created: 2014-10-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3825 |
Title: The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote... |
Type: Hardware |
Bulletins:
CVE-2014-3825 |
Severity: Medium |
| Description: The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. | ||||
| Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2014-10-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3818 |
Title: Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49... |
Type: Hardware |
Bulletins:
CVE-2014-3818 |
Severity: High |
| Description: Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE. | ||||
| Applies to: |
Created: 2014-10-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6378 |
Title: Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5,... |
Type: Hardware |
Bulletins:
CVE-2014-6378 SFBID70363 |
Severity: High |
| Description: Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R3, and 14.1 before R1 allows remote attackers to cause a denial of service (router protocol daemon crash) via a crafted RSVP PATH message. | ||||
| Applies to: |
Created: 2014-10-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6379 |
Title: Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2... |
Type: Hardware |
Bulletins:
CVE-2014-6379 SFBID70365 |
Severity: High |
| Description: Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors. | ||||
| Applies to: |
Created: 2014-10-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6380 |
Title: Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before... |
Type: Hardware |
Bulletins:
CVE-2014-6380 SFBID70369 |
Severity: High |
| Description: Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver block and FPC reset or "go offline") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets. | ||||
| Applies to: |
Created: 2014-10-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3404 |
Title: The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. |
Type: Hardware |
Bulletins:
CVE-2014-3404 |
Severity: Medium |
| Description: The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677. | ||||
| Applies to: |
Created: 2014-10-09 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3403 |
Title: The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. |
Type: Hardware |
Bulletins:
CVE-2014-3403 |
Severity: Medium |
| Description: The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. | ||||
| Applies to: |
Created: 2014-10-09 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3405 |
Title: Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct... |
Type: Hardware |
Bulletins:
CVE-2014-3405 |
Severity: Medium |
| Description: Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673. | ||||
| Applies to: |
Created: 2014-10-09 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3187 |
Title: Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device... |
Type: Mobile Devices |
Bulletins:
CVE-2014-3187 |
Severity: Medium |
| Description: Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. | ||||
| Applies to: |
Created: 2014-10-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3355 |
Title: The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via... |
Type: Hardware |
Bulletins:
CVE-2014-3355 SFBID70130 |
Severity: High |
| Description: The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3356 |
Title: The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via... |
Type: Hardware |
Bulletins:
CVE-2014-3356 SFBID70135 |
Severity: High |
| Description: The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3361 |
Title: The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071. |
Type: Hardware |
Bulletins:
CVE-2014-3361 SFBID70129 |
Severity: High |
| Description: The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3359 |
Title: Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or... |
Type: Hardware |
Bulletins:
CVE-2014-3359 SFBID70140 |
Severity: High |
| Description: Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3358 |
Title: Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface... |
Type: Hardware |
Bulletins:
CVE-2014-3358 SFBID70139 |
Severity: High |
| Description: Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3357 |
Title: Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2014-3357 SFBID70132 |
Severity: High |
| Description: Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3360 |
Title: Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2014-3360 SFBID70141 |
Severity: High |
| Description: Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3354 |
Title: Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2014-3354 SFBID70131 |
Severity: High |
| Description: Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547. | ||||
| Applies to: |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6271 |
Title: Bash environment variables code injection |
Type: Miscellaneous |
Bulletins:
CVE-2014-6271 |
Severity: High |
| Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. | ||||
| Applies to: GNU Bash |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7169 |
Title: Bash environment variables code injection |
Type: Miscellaneous |
Bulletins:
CVE-2014-7169 |
Severity: High |
| Description: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | ||||
| Applies to: GNU Bash |
Created: 2014-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3378 |
Title: tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. |
Type: Hardware |
Bulletins:
CVE-2014-3378 SFBID69957 |
Severity: Medium |
| Description: tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | ||||
| Applies to: |
Created: 2014-09-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3377 |
Title: snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. |
Type: Hardware |
Bulletins:
CVE-2014-3377 SFBID69959 |
Severity: Medium |
| Description: snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | ||||
| Applies to: |
Created: 2014-09-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3376 |
Title: Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. |
Type: Hardware |
Bulletins:
CVE-2014-3376 SFBID69956 |
Severity: Medium |
| Description: Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | ||||
| Applies to: |
Created: 2014-09-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4409 |
Title: WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4409 SFBID69882 |
Severity: Medium |
| Description: WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4362 |
Title: The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4362 SFBID69882 |
Severity: Medium |
| Description: The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4361 |
Title: The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4361 SFBID69882 |
Severity: Medium |
| Description: The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4423 |
Title: The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4423 SFBID69882 |
Severity: Medium |
| Description: The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4368 |
Title: The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4368 SFBID69882 |
Severity: Medium |
| Description: The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4363 |
Title: Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509... |
Type: Mobile Devices |
Bulletins:
CVE-2014-4363 SFBID69882 |
Severity: Medium |
| Description: Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4386 |
Title: Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4386 SFBID69882 |
Severity: Low |
| Description: Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4353 |
Title: Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4353 SFBID69882 |
Severity: Medium |
| Description: Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4374 |
Title: NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4374 SFBID69882 |
Severity: Medium |
| Description: NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4366 |
Title: Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4366 SFBID69882 |
Severity: Medium |
| Description: Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4384 |
Title: Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4384 SFBID69882 |
Severity: Low |
| Description: Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4367 |
Title: Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4367 SFBID69882 |
Severity: Low |
| Description: Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4354 |
Title: Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4354 SFBID69882 |
Severity: Medium |
| Description: Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4356 |
Title: Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4356 SFBID69882 |
Severity: Low |
| Description: Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4352 |
Title: Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4352 SFBID69882 |
Severity: Low |
| Description: Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | ||||
| Applies to: |
Created: 2014-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3342 |
Title: The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. |
Type: Hardware |
Bulletins:
CVE-2014-3342 SFBID69735 |
Severity: Medium |
| Description: The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. | ||||
| Applies to: |
Created: 2014-09-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3363 |
Title: Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. |
Type: Hardware |
Bulletins:
CVE-2014-3363 SFBID69739 |
Severity: Low |
| Description: Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-09-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3343 |
Title: Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. |
Type: Hardware |
Bulletins:
CVE-2014-3343 SFBID69667 |
Severity: Medium |
| Description: Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. | ||||
| Applies to: |
Created: 2014-09-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3353 |
Title: Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165. |
Type: Hardware |
Bulletins:
CVE-2014-3353 SFBID69506 |
Severity: High |
| Description: Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165. | ||||
| Applies to: |
Created: 2014-09-04 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3338 |
Title: The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via... |
Type: Hardware |
Bulletins:
CVE-2014-3338 SFBID69176 |
Severity: High |
| Description: The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-08-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3327 |
Title: The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. |
Type: Hardware |
Bulletins:
CVE-2014-3327 SFBID69066 |
Severity: High |
| Description: The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. | ||||
| Applies to: |
Created: 2014-08-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3332 |
Title: Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. |
Type: Hardware |
Bulletins:
CVE-2014-3332 SFBID69068 |
Severity: Medium |
| Description: Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-08-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3319 |
Title: Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. |
Type: Hardware |
Bulletins:
CVE-2014-3319 |
Severity: Medium |
| Description: Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3317 |
Title: Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. |
Type: Hardware |
Bulletins:
CVE-2014-3317 SFBID68481 |
Severity: Medium |
| Description: Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3815 |
Title: Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. |
Type: Hardware |
Bulletins:
CVE-2014-3815 SFBID68551 |
Severity: High |
| Description: Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. | ||||
| Applies to: Juniper SRX100, Juniper SRX110, Juniper SRX1400, Juniper SRX210, Juniper SRX220, Juniper SRX240, Juniper SRX3400, Juniper SRX3600, Juniper SRX550, Juniper SRX5600, Juniper SRX5800, Juniper SRX650
Created: 2014-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3822 |
Title: Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2014-3822 |
Severity: Medium |
| Description: Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4. | ||||
| Applies to: Juniper SRX100, Juniper SRX110, Juniper SRX1400, Juniper SRX210, Juniper SRX220, Juniper SRX240, Juniper SRX3400, Juniper SRX3600, Juniper SRX550, Juniper SRX5600, Juniper SRX5800, Juniper SRX650
Created: 2014-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3817 |
Title: Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote... |
Type: Hardware |
Bulletins:
CVE-2014-3817 SFBID68545 |
Severity: High |
| Description: Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet. | ||||
| Applies to: Juniper SRX100, Juniper SRX110, Juniper SRX1400, Juniper SRX210, Juniper SRX220, Juniper SRX240, Juniper SRX3400, Juniper SRX3600, Juniper SRX550, Juniper SRX5600, Juniper SRX5800, Juniper SRX650
Created: 2014-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3816 |
Title: Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before... |
Type: Hardware |
Bulletins:
CVE-2014-3816 |
Severity: High |
| Description: Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments. | ||||
| Applies to: |
Created: 2014-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3819 |
Title: Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4,... |
Type: Hardware |
Bulletins:
CVE-2014-3819 SFBID68539 |
Severity: High |
| Description: Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet. | ||||
| Applies to: |
Created: 2014-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3821 |
Title: Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote... |
Type: Hardware |
Bulletins:
CVE-2014-3821 SFBID68548 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| Applies to: |
Created: 2014-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3316 |
Title: The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. |
Type: Hardware |
Bulletins:
CVE-2014-3316 SFBID68479 |
Severity: Medium |
| Description: The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3318 |
Title: Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. |
Type: Hardware |
Bulletins:
CVE-2014-3318 SFBID68482 |
Severity: Medium |
| Description: Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3315 |
Title: Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka... |
Type: Hardware |
Bulletins:
CVE-2014-3315 SFBID68477 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3309 |
Title: The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka... |
Type: Hardware |
Bulletins:
CVE-2014-3309 SFBID68463 |
Severity: Medium |
| Description: The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. | ||||
| Applies to: |
Created: 2014-07-09 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3100 |
Title: Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended... |
Type: Mobile Devices |
Bulletins:
CVE-2014-3100 SFBID68152 |
Severity: Medium |
| Description: Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. | ||||
| Applies to: |
Created: 2014-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1345 |
Title: WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1345 SFBID68276 |
Severity: Medium |
| Description: WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1349 |
Title: Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1349 SFBID68276 |
Severity: Medium |
| Description: Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1351 |
Title: Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1351 SFBID68276 |
Severity: Low |
| Description: Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1350 |
Title: Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1350 SFBID68276 |
Severity: Medium |
| Description: Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1348 |
Title: Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive... |
Type: Mobile Devices |
Bulletins:
CVE-2014-1348 SFBID67263 |
Severity: Low |
| Description: Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1360 |
Title: Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1360 SFBID68276 |
Severity: Low |
| Description: Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1353 |
Title: Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-1353 SFBID68276 |
Severity: Low |
| Description: Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1352 |
Title: Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1352 SFBID68276 |
Severity: Low |
| Description: Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1354 |
Title: CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via... |
Type: Mobile Devices |
Bulletins:
CVE-2014-1354 SFBID68276 |
Severity: Medium |
| Description: CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data. | ||||
| Applies to: |
Created: 2014-07-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3299 |
Title: Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. |
Type: Hardware |
Bulletins:
CVE-2014-3299 SFBID68177 |
Severity: Medium |
| Description: Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. | ||||
| Applies to: |
Created: 2014-06-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3290 |
Title: The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a... |
Type: Hardware |
Bulletins:
CVE-2014-3290 SFBID68021 |
Severity: Medium |
| Description: The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867. | ||||
| Applies to: |
Created: 2014-06-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3295 |
Title: The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309. |
Type: Hardware |
Bulletins:
CVE-2014-3295 SFBID67983 |
Severity: Medium |
| Description: The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309. | ||||
| Applies to: |
Created: 2014-06-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3813 |
Title: Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors... |
Type: Hardware |
Bulletins:
CVE-2014-3813 |
Severity: High |
| Description: Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup. | ||||
| Applies to: |
Created: 2014-06-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3814 |
Title: The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allow remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the... |
Type: Hardware |
Bulletins:
CVE-2014-3814 |
Severity: High |
| Description: The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allow remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP. | ||||
| Applies to: |
Created: 2014-06-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3292 |
Title: The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. |
Type: Hardware |
Bulletins:
CVE-2014-3292 |
Severity: Medium |
| Description: The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-06-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3287 |
Title: SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL,... |
Type: Hardware |
Bulletins:
CVE-2014-3287 SFBID68000 |
Severity: Medium |
| Description: SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-06-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3291 |
Title: Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling,... |
Type: Hardware |
Bulletins:
CVE-2014-3291 SFBID67926 |
Severity: Medium |
| Description: Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321. | ||||
| Applies to: |
Created: 2014-06-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1191 |
Title: Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management... |
Type: Hardware |
Bulletins:
CVE-2013-1191 |
Severity: High |
| Description: Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2014-05-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2200 |
Title: Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2014-2200 |
Severity: High |
| Description: Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629. | ||||
| Applies to: |
Created: 2014-05-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3284 |
Title: Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. |
Type: Hardware |
Bulletins:
CVE-2014-3284 SFBID67603 |
Severity: Medium |
| Description: Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | ||||
| Applies to: |
Created: 2014-05-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3269 |
Title: The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. |
Type: Hardware |
Bulletins:
CVE-2014-3269 |
Severity: Medium |
| Description: The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. | ||||
| Applies to: |
Created: 2014-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3273 |
Title: The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. |
Type: Hardware |
Bulletins:
CVE-2014-3273 |
Severity: Medium |
| Description: The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. | ||||
| Applies to: |
Created: 2014-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3270 |
Title: The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. |
Type: Hardware |
Bulletins:
CVE-2014-3270 |
Severity: Medium |
| Description: The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. | ||||
| Applies to: |
Created: 2014-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3271 |
Title: The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. |
Type: Hardware |
Bulletins:
CVE-2014-3271 |
Severity: Medium |
| Description: The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. | ||||
| Applies to: |
Created: 2014-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6975 |
Title: Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. |
Type: Hardware |
Bulletins:
CVE-2013-6975 SFBID67426 |
Severity: Medium |
| Description: Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | ||||
| Applies to: |
Created: 2014-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3263 |
Title: The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. |
Type: Hardware |
Bulletins:
CVE-2014-3263 |
Severity: Medium |
| Description: The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to cause a denial of service (device reload) via HTTPS packets that require tower processing, aka Bug ID CSCum97038. | ||||
| Applies to: |
Created: 2014-05-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-3262 |
Title: The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet... |
Type: Hardware |
Bulletins:
CVE-2014-3262 |
Severity: Medium |
| Description: The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | ||||
| Applies to: |
Created: 2014-05-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2010-4832 |
Title: Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate... |
Type: Mobile Devices |
Bulletins:
CVE-2010-4832 |
Severity: Medium |
| Description: Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. | ||||
| Applies to: |
Created: 2014-05-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0684 |
Title: Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. |
Type: Hardware |
Bulletins:
CVE-2014-0684 |
Severity: Medium |
| Description: Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2014-05-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2183 |
Title: The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. |
Type: Hardware |
Bulletins:
CVE-2014-2183 |
Severity: Medium |
| Description: The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | ||||
| Applies to: |
Created: 2014-04-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2184 |
Title: The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. |
Type: Hardware |
Bulletins:
CVE-2014-2184 |
Severity: Medium |
| Description: The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-04-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2185 |
Title: The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. |
Type: Hardware |
Bulletins:
CVE-2014-2185 |
Severity: Medium |
| Description: The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-04-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-7373 |
Title: Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. |
Type: Mobile Devices |
Bulletins:
CVE-2013-7373 |
Severity: High |
| Description: Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications. | ||||
| Applies to: |
Created: 2014-04-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-3946 |
Title: Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the... |
Type: Hardware |
Bulletins:
CVE-2012-3946 |
Severity: Medium |
| Description: Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. | ||||
| Applies to: |
Created: 2014-04-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5723 |
Title: Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. |
Type: Hardware |
Bulletins:
CVE-2012-5723 |
Severity: Medium |
| Description: Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. | ||||
| Applies to: |
Created: 2014-04-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-1317 |
Title: The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. |
Type: Hardware |
Bulletins:
CVE-2012-1317 |
Severity: Medium |
| Description: The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4658 |
Title: The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447. |
Type: Hardware |
Bulletins:
CVE-2012-4658 |
Severity: Medium |
| Description: The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5032 |
Title: The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or... |
Type: Hardware |
Bulletins:
CVE-2012-5032 |
Severity: Medium |
| Description: The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5039 |
Title: The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. |
Type: Hardware |
Bulletins:
CVE-2012-5039 |
Severity: Medium |
| Description: The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5037 |
Title: The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. |
Type: Hardware |
Bulletins:
CVE-2012-5037 |
Severity: Medium |
| Description: The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. | ||||
| Applies to: Cisco Catalyst 6500 Series Switches Cisco Catalyst 7600 |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-0360 |
Title: Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. |
Type: Hardware |
Bulletins:
CVE-2012-0360 |
Severity: Medium |
| Description: Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5427 |
Title: Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. |
Type: Hardware |
Bulletins:
CVE-2012-5427 |
Severity: Medium |
| Description: Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4651 |
Title: Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. |
Type: Hardware |
Bulletins:
CVE-2012-4651 |
Severity: Medium |
| Description: Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5044 |
Title: Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. |
Type: Hardware |
Bulletins:
CVE-2012-5044 |
Severity: Medium |
| Description: Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5014 |
Title: Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436. |
Type: Hardware |
Bulletins:
CVE-2012-5014 |
Severity: Medium |
| Description: Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5017 |
Title: Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. |
Type: Hardware |
Bulletins:
CVE-2012-5017 |
Severity: Medium |
| Description: Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-3062 |
Title: Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2012-3062 |
Severity: Medium |
| Description: Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-1366 |
Title: Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. |
Type: Hardware |
Bulletins:
CVE-2012-1366 |
Severity: Medium |
| Description: Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4638 |
Title: Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. |
Type: Hardware |
Bulletins:
CVE-2012-4638 |
Severity: Medium |
| Description: Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5036 |
Title: Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. |
Type: Hardware |
Bulletins:
CVE-2012-5036 |
Severity: Medium |
| Description: Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. | ||||
| Applies to: |
Created: 2014-04-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2842 |
Title: Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. |
Type: Hardware |
Bulletins:
CVE-2014-2842 SFBID66802 |
Severity: High |
| Description: Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. | ||||
| Applies to: |
Created: 2014-04-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0612 |
Title: Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote... |
Type: Hardware |
Bulletins:
CVE-2014-0612 SFBID66759 |
Severity: Medium |
| Description: Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors. | ||||
| Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX550 Juniper SRX650 |
Created: 2014-04-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2714 |
Title: The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows... |
Type: Hardware |
Bulletins:
CVE-2014-2714 SFBID66760 |
Severity: High |
| Description: The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL. | ||||
| Applies to: |
Created: 2014-04-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2713 |
Title: Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2014-2713 SFBID66764 |
Severity: Medium |
| Description: Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules. | ||||
| Applies to: |
Created: 2014-04-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0614 |
Title: Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets. |
Type: Hardware |
Bulletins:
CVE-2014-0614 SFBID66762 |
Severity: High |
| Description: Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets. | ||||
| Applies to: |
Created: 2014-04-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2711 |
Title: Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3... |
Type: Hardware |
Bulletins:
CVE-2014-2711 SFBID66770 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| Applies to: |
Created: 2014-04-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2712 |
Title: Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before... |
Type: Hardware |
Bulletins:
CVE-2014-2712 SFBID66767 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. | ||||
| Applies to: |
Created: 2014-04-14 |
Updated: 2025-10-08 |
||
| ID: REF000672 |
Title: OpenSSL Vulnerability: Heartbleed - unix |
Type: Services |
Bulletins: |
Severity: High |
| Description: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||
| Applies to: |
Created: 2014-04-10 |
Updated: 2014-04-10 |
||
| ID: CVE-2014-0160 |
Title: OpenSSL Vulnerability: Heartbleed |
Type: Services |
Bulletins:
CVE-2014-0160 |
Severity: Medium |
| Description: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||
| Applies to: OpenSSL |
Created: 2014-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2144 |
Title: Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. |
Type: Hardware |
Bulletins:
CVE-2014-2144 |
Severity: Medium |
| Description: Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | ||||
| Applies to: |
Created: 2014-04-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2143 |
Title: The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. |
Type: Hardware |
Bulletins:
CVE-2014-2143 |
Severity: Medium |
| Description: The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021. | ||||
| Applies to: |
Created: 2014-04-04 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6770 |
Title: The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by... |
Type: Mobile Devices |
Bulletins:
CVE-2013-6770 |
Severity: High |
| Description: The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. | ||||
| Applies to: |
Created: 2014-03-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2131 |
Title: The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. |
Type: Hardware |
Bulletins:
CVE-2014-2131 |
Severity: Medium |
| Description: The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. | ||||
| Applies to: |
Created: 2014-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2109 |
Title: The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. |
Type: Hardware |
Bulletins:
CVE-2014-2109 SFBID66470 |
Severity: High |
| Description: The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. | ||||
| Applies to: |
Created: 2014-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2112 |
Title: The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. |
Type: Hardware |
Bulletins:
CVE-2014-2112 SFBID66462 |
Severity: High |
| Description: The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | ||||
| Applies to: |
Created: 2014-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2111 |
Title: The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. |
Type: Hardware |
Bulletins:
CVE-2014-2111 SFBID66470 |
Severity: High |
| Description: The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. | ||||
| Applies to: |
Created: 2014-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2106 |
Title: Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. |
Type: Hardware |
Bulletins:
CVE-2014-2106 |
Severity: High |
| Description: Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. | ||||
| Applies to: |
Created: 2014-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2113 |
Title: Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet,... |
Type: Hardware |
Bulletins:
CVE-2014-2113 SFBID66467 |
Severity: High |
| Description: Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. | ||||
| Applies to: |
Created: 2014-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2107 |
Title: Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2014-2107 |
Severity: High |
| Description: Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789. | ||||
| Applies to: |
Created: 2014-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2108 |
Title: Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. |
Type: Hardware |
Bulletins:
CVE-2014-2108 |
Severity: High |
| Description: Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. | ||||
| Applies to: |
Created: 2014-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2124 |
Title: Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783. |
Type: Hardware |
Bulletins:
CVE-2014-2124 SFBID66301 |
Severity: High |
| Description: Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783. | ||||
| Applies to: Cisco Catalyst 6500 Series Switches |
Created: 2014-03-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2292 |
Title: Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via... |
Type: Hardware |
Bulletins:
CVE-2014-2292 |
Severity: High |
| Description: Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6835 |
Title: TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a... |
Type: Mobile Devices |
Bulletins:
CVE-2013-6835 SFBID66108 |
Severity: Medium |
| Description: TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1286 |
Title: SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1286 |
Severity: Medium |
| Description: SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1285 |
Title: Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1285 |
Severity: Medium |
| Description: Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1281 |
Title: Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-1281 |
Severity: Low |
| Description: Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1276 |
Title: IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1276 |
Severity: Medium |
| Description: IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-1274 |
Title: FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. |
Type: Mobile Devices |
Bulletins:
CVE-2014-1274 |
Severity: Low |
| Description: FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2291 |
Title: Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows... |
Type: Hardware |
Bulletins:
CVE-2014-2291 |
Severity: Low |
| Description: Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5133 |
Title: Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5133 |
Severity: High |
| Description: Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. | ||||
| Applies to: |
Created: 2014-03-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0705 |
Title: The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a... |
Type: Hardware |
Bulletins:
CVE-2014-0705 |
Severity: High |
| Description: The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233. | ||||
| Applies to: |
Created: 2014-03-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0704 |
Title: The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device... |
Type: Hardware |
Bulletins:
CVE-2014-0704 |
Severity: High |
| Description: The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240. | ||||
| Applies to: |
Created: 2014-03-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0703 |
Title: Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by... |
Type: Hardware |
Bulletins:
CVE-2014-0703 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202. | ||||
| Applies to: |
Created: 2014-03-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0707 |
Title: Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681. |
Type: Hardware |
Bulletins:
CVE-2014-0707 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681. | ||||
| Applies to: |
Created: 2014-03-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0706 |
Title: Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929. |
Type: Hardware |
Bulletins:
CVE-2014-0706 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929. | ||||
| Applies to: |
Created: 2014-03-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0701 |
Title: Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high... |
Type: Hardware |
Bulletins:
CVE-2014-0701 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361. | ||||
| Applies to: |
Created: 2014-03-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4710 |
Title: Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a... |
Type: Mobile Devices |
Bulletins:
CVE-2013-4710 |
Severity: High |
| Description: Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. | ||||
| Applies to: |
Created: 2014-03-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0741 |
Title: The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command,... |
Type: Hardware |
Bulletins:
CVE-2014-0741 |
Severity: Medium |
| Description: The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0743 |
Title: The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2014-0743 |
Severity: Medium |
| Description: The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0742 |
Title: The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors,... |
Type: Hardware |
Bulletins:
CVE-2014-0742 |
Severity: Medium |
| Description: The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0747 |
Title: The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. |
Type: Hardware |
Bulletins:
CVE-2014-0747 |
Severity: Medium |
| Description: The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0740 |
Title: Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to... |
Type: Hardware |
Bulletins:
CVE-2014-0740 |
Severity: Medium |
| Description: Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0731 |
Title: The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. |
Type: Hardware |
Bulletins:
CVE-2014-0731 |
Severity: Medium |
| Description: The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0732 |
Title: The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct... |
Type: Hardware |
Bulletins:
CVE-2014-0732 |
Severity: Medium |
| Description: The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0733 |
Title: The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a... |
Type: Hardware |
Bulletins:
CVE-2014-0733 |
Severity: Medium |
| Description: The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0734 |
Title: SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka... |
Type: Hardware |
Bulletins:
CVE-2014-0734 SFBID65645 |
Severity: High |
| Description: SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0735 |
Title: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2014-0735 SFBID65641 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0736 |
Title: Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary... |
Type: Hardware |
Bulletins:
CVE-2014-0736 |
Severity: Medium |
| Description: Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2019 |
Title: The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this... |
Type: Mobile Devices |
Bulletins:
CVE-2014-2019 |
Severity: Medium |
| Description: The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | ||||
| Applies to: |
Created: 2014-02-18 |
Updated: 2025-10-08 |
||
| ID: REF000670 |
Title: End of Windows XP support from Microsoft |
Type: Software |
Bulletins: | Severity: High |
| Description: Microsoft support for Windows XP is due to end on 8 April 2014. No new security patches, regular updates or bug fixes for Windows XP will be provided after this date, leaving these systems vulnerable and very dangerous from a security point of view. It is recommended to inventory all Windows XP systems on the network and plan their phase-out or upgrade to a newer operating system. More details are available here: http://windows.microsoft.com/en-US/windows/end-support-help | ||||
| Applies to: |
Created: 2014-02-15 |
Updated: 2014-02-15 |
||
| ID: CVE-2014-0722 |
Title: The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka... |
Type: Hardware |
Bulletins:
CVE-2014-0722 |
Severity: Medium |
| Description: The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0724 |
Title: The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. |
Type: Hardware |
Bulletins:
CVE-2014-0724 |
Severity: Medium |
| Description: The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0728 |
Title: SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. |
Type: Hardware |
Bulletins:
CVE-2014-0728 SFBID65499 |
Severity: High |
| Description: SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0726 |
Title: SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. |
Type: Hardware |
Bulletins:
CVE-2014-0726 SFBID65514 |
Severity: High |
| Description: SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0729 |
Title: SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. |
Type: Hardware |
Bulletins:
CVE-2014-0729 SFBID65501 |
Severity: High |
| Description: SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0727 |
Title: SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. |
Type: Hardware |
Bulletins:
CVE-2014-0727 SFBID65516 |
Severity: High |
| Description: SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0723 |
Title: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. |
Type: Hardware |
Bulletins:
CVE-2014-0723 SFBID65495 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0725 |
Title: Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. |
Type: Hardware |
Bulletins:
CVE-2014-0725 |
Severity: Medium |
| Description: Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0686 |
Title: Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. |
Type: Hardware |
Bulletins:
CVE-2014-0686 SFBID65281 |
Severity: Medium |
| Description: Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-02-04 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-7313 |
Title: The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database,... |
Type: Hardware |
Bulletins:
CVE-2013-7313 |
Severity: Medium |
| Description: The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | ||||
| Applies to: |
Created: 2014-01-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0661 |
Title: The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a... |
Type: Hardware |
Bulletins:
CVE-2014-0661 SFBID65071 |
Severity: High |
| Description: The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796. | ||||
| Applies to: Cisco TX 9000, Cisco TX 9200, Cisco TelePresence System 1000, Cisco TelePresence System 1100, Cisco TelePresence System 3000, Cisco TelePresence System 3010, Cisco TelePresence System 3200, Cisco TelePresence System 3210 |
Created: 2014-01-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0677 |
Title: The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. |
Type: Hardware |
Bulletins:
CVE-2014-0677 SFBID65074 |
Severity: Medium |
| Description: The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. | ||||
| Applies to: |
Created: 2014-01-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0676 |
Title: Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. |
Type: Hardware |
Bulletins:
CVE-2014-0676 SFBID65083 |
Severity: Medium |
| Description: Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. | ||||
| Applies to: |
Created: 2014-01-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3594 |
Title: The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22. |
Type: Hardware |
Bulletins:
CVE-2013-3594 |
Severity: High |
| Description: The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22. | ||||
| Applies to: PowerConnect 3048, PowerConnect 3524P, PowerConnect 5324 |
Created: 2014-01-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3595 |
Title: The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL. |
Type: Hardware |
Bulletins:
CVE-2013-3595 |
Severity: Medium |
| Description: The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL. | ||||
| Applies to: PowerConnect 3048, PowerConnect 3524P, PowerConnect 5324 |
Created: 2014-01-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3606 |
Title: The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username. |
Type: Hardware |
Bulletins:
CVE-2013-3606 |
Severity: High |
| Description: The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username. | ||||
| Applies to: PowerConnect 3048, PowerConnect 3524P, PowerConnect 5324 |
Created: 2014-01-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0613 |
Title: The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before... |
Type: Hardware |
Bulletins:
CVE-2014-0613 |
Severity: High |
| Description: The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | ||||
| Applies to: |
Created: 2014-01-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0617 |
Title: Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. |
Type: Hardware |
Bulletins:
CVE-2014-0617 SFBID64764 |
Severity: High |
| Description: Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. | ||||
| Applies to: Juniper SRX100, Juniper SRX110, Juniper SRX1400, Juniper SRX210, Juniper SRX220, Juniper SRX240, Juniper SRX3400, Juniper SRX3600, Juniper SRX550, Juniper SRX5600, Juniper SRX5800, Juniper SRX650 |
Created: 2014-01-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0615 |
Title: Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,... |
Type: Hardware |
Bulletins:
CVE-2014-0615 SFBID64762 |
Severity: High |
| Description: Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." | ||||
| Applies to: |
Created: 2014-01-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0616 |
Title: Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2,... |
Type: Hardware |
Bulletins:
CVE-2014-0616 SFBID64766 |
Severity: High |
| Description: Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rpd crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities. | ||||
| Applies to: |
Created: 2014-01-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0618 |
Title: Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote... |
Type: Hardware |
Bulletins:
CVE-2014-0618 SFBID64769 |
Severity: High |
| Description: Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message. | ||||
| Applies to: Juniper SRX100, Juniper SRX110, Juniper SRX1400, Juniper SRX210, Juniper SRX220, Juniper SRX240, Juniper SRX3400, Juniper SRX3600, Juniper SRX550, Juniper SRX5600, Juniper SRX5800, Juniper SRX650 |
Created: 2014-01-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0653 |
Title: The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. |
Type: Hardware |
Bulletins:
CVE-2014-0653 SFBID64708 |
Severity: Medium |
| Description: The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. | ||||
| Applies to: |
Created: 2014-01-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0655 |
Title: The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2014-0655 SFBID64700 |
Severity: Medium |
| Description: The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. | ||||
| Applies to: |
Created: 2014-01-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6982 |
Title: The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer... |
Type: Hardware |
Bulletins:
CVE-2013-6982 SFBID64670 |
Severity: Medium |
| Description: The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174. | ||||
| Applies to: |
Created: 2014-01-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-0657 |
Title: The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a... |
Type: Hardware |
Bulletins:
CVE-2014-0657 SFBID64690 |
Severity: Medium |
| Description: The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. | ||||
| Applies to: Unified Communications Manager |
Created: 2014-01-08 |
Updated: 2025-10-08 |
||