LiveActive security incident?Get immediate response
CVE archive

March 2014

Browse CVE records published in March 2014, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 531 matching CVEs · Page 2 of 11.

Unknown · CVSS Not scored

CVE-2014-9768: IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering...

IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability

Published Mar 18, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9711: Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB...

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.

Published Mar 25, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9689: content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does...

content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231.

Published Mar 9, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9653: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21,...

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

Published Mar 30, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9566: Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in...

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.

Published Mar 10, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9652: The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5...

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.

Published Mar 30, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9644: The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a...

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

Published Mar 2, 2015 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2014-9187: Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R...

Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

Published Mar 25, 2019 · Updated Aug 6, 2024