CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2014

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2014-6491 2014-10-15 2018-12-18
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
902 CVE-2014-6490 2014-10-15 2015-11-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.
903 CVE-2014-6489 2014-10-15 2017-01-03
5.5
None Remote Low ??? None Partial Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.
904 CVE-2014-6488 2014-10-15 2015-11-06
2.1
None Remote High ??? None Partial None
Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management.
905 CVE-2014-6487 2014-10-15 2015-11-09
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.
906 CVE-2014-6486 2014-10-15 2015-11-06
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Talent Acquisition Manager - Security.
907 CVE-2014-6485 2014-10-15 2020-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
908 CVE-2014-6484 2014-10-15 2018-12-18
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.
909 CVE-2014-6483 2014-10-15 2015-11-06
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
910 CVE-2014-6482 2014-10-15 2015-11-06
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant.
911 CVE-2014-6479 2014-10-15 2015-11-04
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via vectors related to OC4J Configuration.
912 CVE-2014-6478 2014-10-15 2018-12-18
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.
913 CVE-2014-6476 2014-10-15 2020-09-08
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.
914 CVE-2014-6475 2014-10-15 2015-11-06
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
915 CVE-2014-6474 2014-10-15 2017-01-03
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.
916 CVE-2014-6473 2014-10-15 2015-11-06
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.
917 CVE-2014-6472 2014-10-15 2015-11-04
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6539.
918 CVE-2014-6471 2014-10-15 2015-11-04
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OAM Diagnostics.
919 CVE-2014-6470 2014-10-15 2015-11-06
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.
920 CVE-2014-6469 2014-10-15 2018-12-18
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
921 CVE-2014-6468 2014-10-15 2020-09-08
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
922 CVE-2014-6467 2014-10-15 2015-11-06
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560.
923 CVE-2014-6466 2014-10-15 2020-09-08
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
924 CVE-2014-6465 2014-10-15 2015-11-06
6.3
None Remote Medium ??? None None Complete
Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept.
925 CVE-2014-6464 2014-10-15 2018-12-18
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
926 CVE-2014-6463 2014-10-15 2018-12-18
3.3
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.
927 CVE-2014-6462 2014-10-15 2015-11-06
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console.
928 CVE-2014-6461 2014-10-15 2015-11-06
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Roles & Privileges.
929 CVE-2014-6460 2014-10-15 2015-11-06
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to QUERY.
930 CVE-2014-6459 2014-10-15 2014-11-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-2476.
931 CVE-2014-6458 2014-10-15 2020-09-08
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
932 CVE-2014-6457 2014-10-15 2020-09-08
4.0
None Remote High Not required None Partial Partial
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
933 CVE-2014-6456 2014-10-15 2020-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
934 CVE-2014-6455 2014-10-15 2015-11-13
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
935 CVE-2014-6454 2014-10-15 2015-11-13
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542.
936 CVE-2014-6453 2014-10-15 2015-11-17
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560.
937 CVE-2014-6452 2014-10-15 2014-10-24
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542.
938 CVE-2014-6439 79 XSS 2014-10-10 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
939 CVE-2014-6434 78 Exec Code 2014-10-07 2014-10-08
10.0
None Remote Low Not required Complete Complete Complete
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.
940 CVE-2014-6433 94 2014-10-07 2014-10-08
10.0
None Remote Low Not required Complete Complete Complete
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.
941 CVE-2014-6414 264 2014-10-02 2018-10-19
4.0
None Remote Low ??? None Partial None
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.
942 CVE-2014-6409 352 1 CSRF 2014-10-06 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
943 CVE-2014-6394 22 Dir. Trav. 2014-10-08 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
944 CVE-2014-6389 94 1 Exec Code 2014-10-06 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter.
945 CVE-2014-6387 287 Bypass 2014-10-22 2021-01-12
5.0
None Remote Low Not required None Partial None
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
946 CVE-2014-6380 DoS 2014-10-14 2017-09-08
7.8
None Remote Low Not required None None Complete
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver bock and FPC reset or "go offline") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets.
947 CVE-2014-6379 287 Bypass 2014-10-14 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors.
948 CVE-2014-6378 399 DoS 2014-10-14 2017-09-08
7.8
None Remote Low Not required None None Complete
Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4 before S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R3, and 14.1 before R1 allows remote attackers to cause a denial of service (router protocol daemon crash) via a crafted RSVP PATH message.
949 CVE-2014-6377 399 DoS 2014-10-14 2017-09-08
7.8
None Remote Low Not required None None Complete
Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a crafted ICMP packet to the (1) interface or (2) loopback IP address, which triggers a processor exception in ip_RxData_8.
950 CVE-2014-6352 94 Exec Code 2014-10-22 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
Total number of vulnerabilities : 1414   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.