CVEs from 2014

Total: 7,882

- critical: 837
- high: 1,288
- medium: 4,980
- low: 583

% Critical: 10.6%
% with KEV: 0.4%
% with exploit: 2.1%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | Risk | CVSS | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8918 | medium | — | 5.8 | 12y ago | IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2014-8870 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbit… | |||
| CVE-2014-8151 | medium | — | 5.8 | 12y ago | The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS ses… | |||
| CVE-2014-10030 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL … | |||
| CVE-2014-8029 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspe… | |||
| CVE-2014-7294 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites… | |||
| CVE-2014-7193 | medium | — | 5.8 | 12y ago | CORS Token Disclosure in crumb | |||
| CVE-2014-2516 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vect… | |||
| CVE-2014-9365 | medium | — | 5.8 | 12y ago | The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check … | |||
| CVE-2014-6316 | medium | — | 5.8 | 12y ago | core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a craf… | |||
| CVE-2014-9343 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2014-9292 | medium | — | 5.8 | 12y ago | Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via… | |||
| CVE-2014-8754 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in … | |||
| CVE-2014-5268 | medium | — | 5.8 | 12y ago | The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. | |||
| CVE-2014-4831 | medium | — | 5.8 | 12y ago | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessi… | |||
| CVE-2014-4462 | medium | — | 5.8 | 12y ago | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | |||
| CVE-2014-8670 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||
| CVE-2014-7292 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbit… | |||
| CVE-2014-2230 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL i… | |||
| CVE-2014-6535 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vec… | |||
| CVE-2014-7275 | medium | — | 5.8 | 12y ago | The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensiti… | |||
| CVE-2014-7274 | medium | — | 5.8 | 12y ago | The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in… | |||
| CVE-2014-3633 | medium | — | 5.8 | 12y ago | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of serv… | |||
| CVE-2014-7155 | medium | — | 5.8 | 12y ago | The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service … | |||
| CVE-2014-5318 | medium | — | 5.8 | 12y ago | The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||
| CVE-2014-5392 | medium | — | 5.8 | 12y ago | XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a requ… | |||
| CVE-2014-5321 | medium | — | 5.8 | 12y ago | FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via … | |||
| CVE-2014-4378 | medium | — | 5.8 | 12y ago | CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted … | |||
| CVE-2014-4354 | medium | — | 5.8 | 12y ago | Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | |||
| CVE-2014-3908 | medium | — | 5.8 | 12y ago | The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat… | |||
| CVE-2014-5127 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspec… | |||
| CVE-2014-3596 | medium | — | 5.8 | 12y ago | Improper Validation of Certificates in apache axis | |||
| CVE-2014-0480 | medium | — | 5.8 | 12y ago | The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attacke… | |||
| CVE-2014-5122 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to log… | |||
| CVE-2014-3577 | medium | — | 5.8 | 12y ago | Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient | |||
| CVE-2014-3902 | medium | — | 5.8 | 12y ago | The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2014-4760 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows rem… | |||
| CVE-2014-3302 | medium | — | 5.8 | 12y ago | user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information… | |||
| CVE-2014-5117 | medium | — | 5.8 | 12y ago | Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirm… | |||
| CVE-2014-3054 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites… | |||
| CVE-2014-1561 | medium | — | 5.8 | 12y ago | Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScri… | |||
| CVE-2014-1552 | medium | — | 5.8 | 12y ago | Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-or… | |||
| CVE-2014-2519 | medium | — | 5.8 | 12y ago | The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports… | |||
| CVE-2014-3320 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect user… | |||
| CVE-2014-4256 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrit… | |||
| CVE-2014-4851 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter. | |||
| CVE-2014-0867 | medium | — | 5.8 | 12y ago | rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query s… | |||
| CVE-2014-4696 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2014-4695 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1… | |||
| CVE-2014-4336 | medium | — | 5.8 | 12y ago | The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host n… | |||
| CVE-2014-2001 | medium | — | 5.8 | 12y ago | The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive inf… | |||
| CVE-2014-1651 | medium | — | 5.8 | 12y ago | SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-4159 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a … | |||
| CVE-2014-3781 | medium | — | 5.8 | 12y ago | The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | |||
| CVE-2014-3944 | medium | — | 5.8 | 12y ago | TYPO3 Improper Session Invalidation | |||
| CVE-2014-3793 | medium | — | 5.8 | 12y ago | VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows gue… | |||
| CVE-2014-3283 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to re… | |||
| CVE-2014-0878 | medium | — | 5.8 | 12y ago | The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before… | |||
| CVE-2014-0958 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect u… | |||
| CVE-2014-3739 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in t… | |||
| CVE-2014-3750 | medium | — | 5.8 | 12y ago | The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain se… | |||
| CVE-2014-1991 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attack… | |||
| CVE-2014-0116 | medium | — | 5.8 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-3001 | medium | — | 5.8 | 12y ago | The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail… | |||
| CVE-2014-0363 | medium | — | 5.8 | 12y ago | The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows… | |||
| CVE-2014-2909 | medium | — | 5.8 | 12y ago | CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | |||
| CVE-2014-2734 | medium | — | 5.8 | 12y ago | The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby scrip… | |||
| CVE-2014-2900 | medium | — | 5.8 | 12y ago | wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. | |||
| CVE-2014-2735 | medium | — | 5.8 | 12y ago | WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic… | |||
| CVE-2014-0173 | medium | — | 5.8 | 12y ago | The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.… | |||
| CVE-2014-2880 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web … | |||
| CVE-2014-0460 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vecto… | |||
| CVE-2014-1986 | medium | — | 5.8 | 12y ago | The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. | |||
| CVE-2014-0139 | medium | — | 5.8 | 12y ago | cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, … | |||
| CVE-2014-1210 | medium | — | 5.8 | 12y ago | VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificat… | |||
| CVE-2014-0636 | medium | — | 5.8 | 12y ago | EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers vi… | |||
| CVE-2014-1969 | medium | — | 5.8 | 12y ago | Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. | |||
| CVE-2014-1985 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect us… | |||
| CVE-2014-2583 | medium | — | 5.8 | 12y ago | Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication… | |||
| CVE-2014-0093 | medium | — | 5.8 | 12y ago | Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be gr… | |||
| CVE-2014-1895 | medium | — | 5.8 | 12y ago | Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denia… | |||
| CVE-2014-0125 | medium | — | 5.8 | 12y ago | Moodle places a session key in a URL | |||
| CVE-2014-1970 | medium | — | 5.8 | 12y ago | Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | |||
| CVE-2014-1501 | medium | — | 5.8 | 12y ago | Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. | |||
| CVE-2014-1976 | medium | — | 5.8 | 12y ago | The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … | |||
| CVE-2014-1975 | medium | — | 5.8 | 12y ago | Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | |||
| CVE-2014-2249 | medium | — | 5.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attack… | |||
| CVE-2014-2247 | medium | — | 5.8 | 12y ago | The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. | |||
| CVE-2014-1285 | medium | — | 5.8 | 12y ago | Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an un… | |||
| CVE-2014-1282 | medium | — | 5.8 | 12y ago | The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. | |||
| CVE-2014-1273 | medium | — | 5.8 | 12y ago | dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | |||
| CVE-2014-1267 | medium | — | 5.8 | 12y ago | The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass… | |||
| CVE-2014-1959 | medium | — | 5.8 | 12y ago | lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging … | |||
| CVE-2014-0092 | medium | — | 5.8 | 12y ago | lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attack… | |||
| CVE-2014-2243 | medium | — | 5.8 | 12y ago | includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which m… | |||
| CVE-2014-1967 | medium | — | 5.8 | 12y ago | The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a … | |||
| CVE-2014-1910 | medium | — | 5.8 | 12y ago | Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2014-1242 | medium | — | 5.8 | 13y ago | Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. | |||
| CVE-2014-0671 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. | |||
| CVE-2014-1452 | medium | — | 5.8 | 13y ago | Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code … |