CVE-2014-5349

This is an entry in the Common Vulnerability Index under number CVE-2014-5349. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-5349

Description: Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.

Continue Reading …

CVE-2014-1518

This is an entry in the Common Vulnerability Index under number CVE-2014-1518. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-1518

Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Continue Reading …

CVE-2014-7970

This is an entry in the Common Vulnerability Index under number CVE-2014-7970. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-7970

Description: The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via .

Continue Reading …

CVE-2014-2042

This is an entry in the Common Vulnerability Index under number CVE-2014-2042. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-2042

Description: Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension,

Continue Reading …

CVE-2014-7836

This is an entry in the Common Vulnerability Index under number CVE-2014-7836. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-7836

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.

Continue Reading …

CVE-2014-3043

This is an entry in the Common Vulnerability Index under number CVE-2014-3043. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-3043

Description: IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …

CVE-2014-2639

This is an entry in the Common Vulnerability Index under number CVE-2014-2639. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-2639

Description: Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.Continue Reading …

CVE-2014-6563

This is an entry in the Common Vulnerability Index under number CVE-2014-6563. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-6563

Description: Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors,

Continue Reading …

CVE-2014-7688

This is an entry in the Common Vulnerability Index under number CVE-2014-7688. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2014-7688

Description: The Home Improvement (aka com.whomeimprovementapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Continue Reading …