CVE Database Year: 2014
CVE-2014-0001: Buffer Overflow in MySQL and MariaDB Allows Remote Code Execution
CVE-2014-0002: XML External Entity (XXE) vulnerability in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and potentially cause other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference in the XSLT component.
CVE-2014-0003: Arbitrary Java Method Execution in Apache Camel XSLT Component
CVE-2014-0004: Stack-based Buffer Overflow in udisks: Local Denial of Service and Possible Arbitrary Code Execution
CVE-2014-0005: Remote Code Execution via Crafted Application Deployment in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2
CVE-2014-0006: Timing Side-Channel Attack in OpenStack Object Storage (Swift) Allows Secret URL Retrieval
CVE-2014-0007: Arbitrary Command Execution in Smart-Proxy
CVE-2014-0008: Cleartext Password Logging Vulnerability in Moodle
CVE-2014-0009: Unrestricted Login As Vulnerability in Moodle
CVE-2014-0010: CSRF Vulnerabilities in Moodle User Profile Deletion
CVE-2014-0011: Heap-based Buffer Overflow Vulnerabilities in TigerVNC's ZRLE_DECODE Function
CVE-2014-0012: Incomplete Fix for CVE-2014-1402: Privilege Escalation via FileSystemBytecodeCache in Jinja2 2.7.2
CVE-2014-0013: Cross-Site Scripting (XSS) vulnerability in Ember.js versions 1.0.x to 1.4.x
CVE-2014-0014: Cross-Site Scripting (XSS) vulnerability in Ember.js versions 1.0.x to 1.4.x
CVE-2014-0015: NTLM Connection Reuse Vulnerability
CVE-2014-0016: Insecure PRNG State Update in stunnel before 5.00
CVE-2014-0017: Shared State Vulnerability in libssh's RAND_bytes Function
CVE-2014-0018: Local Privilege Escalation via Crafted Deployment in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server
CVE-2014-0019: Stack-based Buffer Overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 via Long Server Name in PROXY-CONNECT Address
CVE-2014-0020: Denial of Service Vulnerability in Pidgin's IRC Protocol Plugin
CVE-2014-0021: Traffic Amplification Vulnerability in Chrony before 1.29.1
CVE-2014-0022: Bypassing RPM Package Signing Restriction in yum-cron/yum-cron.py
CVE-2014-0023: Temporary File Creation Vulnerability in OpenShift Install Script Allows Arbitrary Code Execution
CVE-2014-0026: CSRF Vulnerability in katello-headpin REST API
CVE-2014-0027: Arbitrary File Modification Vulnerability in Flite 1.4
CVE-2014-0028: Bypassing ACL Restrictions in libvirt's Event Registration API
CVE-2014-0029: Multiple Cross-Site Scripting (XSS) Vulnerabilities in Red Hat Katello-Headpin SAM Web Application
CVE-2014-0030: XML External Entity (XXE) Vulnerability in Apache Roller
CVE-2014-0031: Unauthorized Access to Network ACLs in Apache CloudStack
CVE-2014-0032: Denial of Service Vulnerability in Apache Subversion's mod_dav_svn Module
CVE-2014-0033: Session Fixation Vulnerability in Apache Tomcat 6.0.33 through 6.0.37
CVE-2014-0034: SAML Token Validation Bypass Vulnerability in Apache CXF
CVE-2014-0035: Cleartext Transmission of UsernameToken in Apache CXF
CVE-2014-0036: Insecure SSL Verification in rbovirt Gem Allows Man-in-the-Middle Attacks
CVE-2014-0037: Denial of Service Vulnerability in Zarafa 5.00
CVE-2014-0038: Privilege Escalation via Crafted Timeout Pointer in compat_sys_recvmmsg Function
CVE-2014-0039: Untrusted Search Path Vulnerability in fwsnort before 1.6.4
CVE-2014-0040: Man-in-the-Middle Attack Vulnerability in OpenStack Heat Templates
CVE-2014-0041: SSL Bypass Vulnerability in OpenStack Heat Templates
CVE-2014-0042: Arbitrary Package Installation Vulnerability in OpenStack Heat Templates
CVE-2014-0043: Apache Wicket Classpath Information Disclosure Vulnerability
CVE-2014-0044: Denial of Service Vulnerability in Mumble 1.2.4 and 1.2.3 Pre-release Snapshots
CVE-2014-0045: Heap-based buffer over-read and over-write vulnerability in Mumble client allows for remote code execution
CVE-2014-0046: Arbitrary web script injection vulnerability in Ember.js link-to helper
CVE-2014-0047: Unspecified Impact Vulnerability in Docker before 1.5
CVE-2014-0048: Insecure Execution of Downloaded Programs in Docker
CVE-2014-0049: Buffer Overflow in complete_emulated_mmio Function in Linux Kernel
CVE-2014-0050: Denial of Service via Crafted Content-Type Header in MultipartStream.java
CVE-2014-0053: Unrestricted Access to Files in WEB-INF Directory
CVE-2014-0054: XML External Entity (XXE) Vulnerability in Jaxb2RootElementHttpMessageConverter in Spring MVC
CVE-2014-0055: Denial of Service Vulnerability in vhost-net Subsystem
CVE-2014-0056: Arbitrary Tenant Port Plugging Vulnerability in OpenStack Neutron
CVE-2014-0057: Arbitrary Method Execution Vulnerability in Red Hat CloudForms 3.0 Management Engine 5.2
CVE-2014-0058: Plaintext Logging Vulnerability in Red Hat JBoss EAP 6.x
CVE-2014-0059: World-readable permissions on audit.log in JBoss SX and PicketBox
CVE-2014-0060: Arbitrary User Addition Vulnerability in PostgreSQL
CVE-2014-0061: Privilege Escalation via Validator Functions in PostgreSQL
CVE-2014-0062: Race condition vulnerability in CREATE INDEX and ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
CVE-2014-0063: Stack-based buffer overflows in PostgreSQL versions before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
CVE-2014-0064: Multiple integer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 leading to buffer overflow
CVE-2014-0065: Multiple buffer overflow vulnerabilities in PostgreSQL versions before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
CVE-2014-0066: NULL Pointer Dereference Vulnerability in PostgreSQL chkpass Extension
CVE-2014-0067: Privilege Escalation via Improper Authentication Requirements in PostgreSQL Test Suites
CVE-2014-0068: World-Writable Permissions in Watchman Files in OpenShift Node-Utils
CVE-2014-0069: Memory Corruption and Privilege Escalation Vulnerability in Linux Kernel's cifs_iovec_write Function
CVE-2014-0071: Default Security Group Bypass in PackStack Red Hat OpenStack 4.0
CVE-2014-0072: SSL Server Spoofing in Apache Cordova File-Transfer Plugin for iOS
CVE-2014-0073: Arbitrary JavaScript Execution via In-App-Browser Callback Identifier Validation Vulnerability
CVE-2014-0074: Unauthenticated Bind Bypass Vulnerability in Apache Shiro
CVE-2014-0075: Denial of Service Vulnerability in Apache Tomcat's ChunkedInputFilter
CVE-2014-0076: Montgomery Ladder Implementation Vulnerability in OpenSSL
CVE-2014-0077: Memory Corruption and Privilege Escalation Vulnerability in Linux Kernel
CVE-2014-0078: Arbitrary Catalog Deletion Vulnerability in Red Hat CloudForms Management Engine (CFME)
CVE-2014-0079: Denial of Service Vulnerability in Zarafa's ValidateUserLogon Function
CVE-2014-0080: SQL Injection Vulnerability in Active Record in Ruby on Rails 4.0.x and 4.1.0.beta1
CVE-2014-0081: Cross-Site Scripting (XSS) Vulnerabilities in Ruby on Rails Number Helper
CVE-2014-0082: Denial of Service Vulnerability in Action View in Ruby on Rails 3.x before 3.2.17
CVE-2014-0083: Weak Salt Generation in Ruby net-ldap Gem
CVE-2014-0084: Denial of Service Vulnerability in openshift-origin-node Ruby Gem
CVE-2014-0085: Unencrypted Passwords in JBoss Fuse Logging Vulnerability
CVE-2014-0086: Denial of Service Vulnerability in JBoss RichFaces 4.3.4, 4.3.5, and 5.x
CVE-2014-0087: Improper RBAC Checking in ManageIQ Allows Privilege Bypass
CVE-2014-0088: Arbitrary Code Execution Vulnerability in nginx SPDY Implementation
CVE-2014-0089: Arbitrary Web Script Injection in Foreman 1.4.x
CVE-2014-0090: Session Fixation Vulnerability in Foreman 1.4.2 and earlier versions
CVE-2014-0091: Improper Input Validation in Foreman: Potential for Partial Denial of Service
CVE-2014-0092: Unspecified Error Handling Vulnerability in GnuTLS
CVE-2014-0093: Java Security Manager Bypass in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2
CVE-2014-0094: Remote Code Execution via ClassLoader Manipulation in Apache Struts
CVE-2014-0095: Denial of Service Vulnerability in Apache Tomcat 8.x
CVE-2014-0096: XML External Entity (XXE) vulnerability in Apache Tomcat
CVE-2014-0097: Authentication Bypass Vulnerability in Spring Security
CVE-2014-0098: Denial of Service Vulnerability in Apache HTTP Server 2.4.8 and earlier
CVE-2014-0099: HTTP Request Smuggling Vulnerability in Apache Tomcat
CVE-2014-0100: Race condition in inet_frag_intern function in Linux kernel through 3.13.6 allows remote attackers to cause denial of service or other impact via fragmented ICMP Echo Request packets.
CVE-2014-0101: NULL pointer dereference vulnerability in Linux kernel allows for denial of service
CVE-2014-0102: Denial of Service Vulnerability in Linux Kernel Keyring Detection
CVE-2014-0103: Cleartext Storage of Credentials in Zarafa WebAccess and WebApp
CVE-2014-0104: Unverified SSL Certificates in fence-agents before 4.0.17
CVE-2014-0105: Insecure Token Retrieval in OpenStack Python Client Library for Keystone
CVE-2014-0106: Bypassing Command Restrictions via Crafted Environment Variable in Sudo
CVE-2014-0107: Arbitrary Class Loading and Resource Access Vulnerability in Apache Xalan-Java
CVE-2014-0109: Denial of Service Vulnerability in Apache CXF
CVE-2014-0110: Denial of Service Vulnerability in Apache CXF
CVE-2014-0111: Arbitrary Code Execution in Apache Syncope via Apache Commons JEXL Expressions and Resource Mappings
CVE-2014-0112: Remote Code Execution via Insecure Access to getClass Method in Apache Struts
CVE-2014-0113: Remote Code Execution via CookieInterceptor in Apache Struts
CVE-2014-0114: Remote Code Execution via Class Property in Apache Commons BeanUtils
CVE-2014-0115: Apache Storm Log Viewer Directory Traversal Vulnerability
CVE-2014-0116: Incomplete Fix for CookieInterceptor Wildcard CookiesName Remote Manipulation Vulnerability
CVE-2014-0117: Denial of Service Vulnerability in Apache HTTP Server 2.4.x
CVE-2014-0118: Denial of Service Vulnerability in Apache HTTP Server's mod_deflate Module
CVE-2014-0119: XML External Entity (XXE) and File Disclosure Vulnerability in Apache Tomcat
CVE-2014-0120: CSRF Vulnerability in Hawt.io Admin Terminal Allows Remote Command Execution
CVE-2014-0121: Unauthenticated Remote Command Execution in Hawt.io Admin Terminal
CVE-2014-0122: Insecure Capability Check in Moodle Chat Module
CVE-2014-0123: Insufficient Access Restrictions in Moodle Wiki Subsystem
CVE-2014-0124: Information Disclosure Vulnerability in Moodle's Forum and Quiz Modules
CVE-2014-0125: Session key exposure in Moodle allows remote bypass of Alfresco Repository file restrictions
CVE-2014-0126: CSRF vulnerability in Moodle allows remote hijacking of administrator authentication
CVE-2014-0127: Time-validation bypass vulnerability in Moodle Feedback Activity
CVE-2014-0128: Denial of Service Vulnerability in Squid SSL-Bump with Crafted Range Request
CVE-2014-0129: Arbitrary Badge Visibility Modification in Moodle 2.5.x and 2.6.x
CVE-2014-0130: Directory Traversal Vulnerability in Ruby on Rails Implicit-Render Implementation