CVEs from 2014
Total
7,872
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8388 | high | — | 7.2 | 12y ago | Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. | |||
| CVE-2014-2382 | high | — | 7.2 | 12y ago | The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCT… | |||
| CVE-2014-4451 | high | — | 7.2 | 12y ago | Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of gue… | |||
| CVE-2014-8727 | medium | — | 7.2 | 12y ago | Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (d… | |||
| CVE-2014-3689 | high | — | 7.2 | 12y ago | The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. | |||
| CVE-2014-8660 | high | — | 7.2 | 12y ago | SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-4433 | high | — | 7.2 | 12y ago | Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. | |||
| CVE-2014-6473 | high | — | 7.2 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. | |||
| CVE-2014-4282 | high | — | 7.2 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. | |||
| CVE-2014-4115 | high | — | 7.2 | 12y ago | fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proxima… | |||
| CVE-2014-2646 | high | — | 7.2 | 12y ago | Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. | |||
| CVE-2014-4870 | high | — | 7.2 | 12y ago | /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges… | |||
| CVE-2014-3811 | high | — | 7.2 | 12y ago | Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-0484 | high | — | 7.2 | 12y ago | The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment." | |||
| CVE-2014-2942 | high | — | 7.2 | 12y ago | Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code… | |||
| CVE-2014-4074 | high | — | 7.2 | 12y ago | The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted … | |||
| CVE-2014-5307 | high | — | 7.2 | 12y ago | Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL… | |||
| CVE-2014-4325 | high | — | 7.2 | 12y ago | The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows… | |||
| CVE-2014-0973 | high | — | 7.2 | 12y ago | The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and o… | |||
| CVE-2014-3563 | high | — | 7.2 | 12y ago | Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-s… | |||
| CVE-2014-5207 | medium | — | 7.2 | 12y ago | fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows … | |||
| CVE-2014-5206 | high | — | 7.2 | 12y ago | The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intend… | |||
| CVE-2014-1819 | high | — | 7.2 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and … | |||
| CVE-2014-1814 | high | — | 7.2 | 12y ago | The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows … | |||
| CVE-2014-0318 | high | — | 7.2 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and … | |||
| CVE-2014-3072 | high | — | 7.2 | 12y ago | Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows… | |||
| CVE-2014-5195 | high | — | 7.2 | 12y ago | Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the… | |||
| CVE-2014-3534 | high | — | 7.2 | 12y ago | arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users … | |||
| CVE-2014-0972 | high | — | 7.2 | 12y ago | The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOM… | |||
| CVE-2014-2361 | high | — | 7.2 | 12y ago | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to… | |||
| CVE-2014-3419 | high | — | 7.2 | 12y ago | Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | |||
| CVE-2014-3499 | high | — | 7.2 | 12y ago | Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-3074 | high | — | 7.2 | 12y ago | The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS … | |||
| CVE-2014-4014 | medium | — | 7.2 | 12y ago | The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions… | |||
| CVE-2014-0907 | high | — | 7.2 | 12y ago | Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow l… | |||
| CVE-2014-3450 | high | — | 7.2 | 12y ago | Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users… | |||
| CVE-2014-1807 | high | — | 7.2 | 12y ago | The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and … | |||
| CVE-2014-1737 | high | — | 7.2 | 12y ago | The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local user… | |||
| CVE-2014-0185 | high | — | 7.2 | 12y ago | sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a … | |||
| CVE-2014-2173 | high | — | 7.2 | 12y ago | Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bu… | |||
| CVE-2014-0470 | high | — | 7.2 | 12y ago | super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack. | |||
| CVE-2014-2894 | high | — | 7.2 | 12y ago | Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a… | |||
| CVE-2014-2292 | high | — | 7.2 | 12y ago | Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before… | |||
| CVE-2014-1278 | high | — | 7.2 | 12y ago | The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and devic… | |||
| CVE-2014-0300 | high | — | 7.2 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo… | |||
| CVE-2014-0069 | high | — | 7.2 | 12y ago | The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows … | |||
| CVE-2014-0816 | high | — | 7.2 | 12y ago | Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. | |||
| CVE-2014-0262 | high | — | 7.2 | 13y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local use… | |||
| CVE-2014-0615 | high | — | 7.2 | 13y ago | Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.… | |||
| CVE-2014-1745 | high | 7.1 | 7.1 | 2y ago | RHSA-2024:2982: webkit2gtk3 security update (Important) | |||
| CVE-2014-3146 | medium | 6.1 | 7.1 | 4y ago | Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme t… | |||
| CVE-2014-2277 | high | 7.1 | 7.1 | 9y ago | The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpn… | |||
| CVE-2014-2045 | medium | 6.1 | 7.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the usernam… | |||
| CVE-2014-9472 | high | — | 7.1 | 11y ago | The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ema… | |||
| CVE-2014-8779 | high | — | 7.1 | 12y ago | Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these … | |||
| CVE-2014-6382 | high | — | 7.1 | 12y ago | The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router,… | |||
| CVE-2014-8643 | high | — | 7.1 | 12y ago | Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the Open… | |||
| CVE-2014-9030 | high | — | 7.1 | 12y ago | The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an… | |||
| CVE-2014-8952 | high | — | 7.1 | 12y ago | Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL V… | |||
| CVE-2014-8951 | high | — | 7.1 | 12y ago | Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) A… | |||
| CVE-2014-8950 | high | — | 7.1 | 12y ago | Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (cra… | |||
| CVE-2014-7998 | high | — | 7.1 | 12y ago | Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | |||
| CVE-2014-6317 | high | — | 7.1 | 12y ago | Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows … | |||
| CVE-2014-3439 | medium | — | 7.1 | 12y ago | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | |||
| CVE-2014-2718 | high | — | 7.1 | 12y ago | ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (… | |||
| CVE-2014-3567 | high | — | 7.1 | 12y ago | Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consump… | |||
| CVE-2014-3513 | high | — | 7.1 | 12y ago | Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. | |||
| CVE-2014-3406 | high | — | 7.1 | 12y ago | Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP t… | |||
| CVE-2014-3370 | high | — | 7.1 | 12y ago | Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCu… | |||
| CVE-2014-3369 | high | — | 7.1 | 12y ago | The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted… | |||
| CVE-2014-8310 | high | — | 7.1 | 12y ago | The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | |||
| CVE-2014-5410 | high | — | 7.1 | 12y ago | The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause… | |||
| CVE-2014-4809 | high | — | 7.1 | 12y ago | The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a d… | |||
| CVE-2014-6418 | high | — | 7.1 | 12y ago | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly ha… | |||
| CVE-2014-3361 | high | — | 7.1 | 12y ago | The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka … | |||
| CVE-2014-4379 | high | — | 7.1 | 12y ago | An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protectio… | |||
| CVE-2014-4622 | high | — | 7.1 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysad… | |||
| CVE-2014-3353 | high | — | 7.1 | 12y ago | Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 pack… | |||
| CVE-2014-0761 | high | — | 7.1 | 12y ago | The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. | |||
| CVE-2014-4764 | high | — | 7.1 | 12y ago | IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Ba… | |||
| CVE-2014-2941 | high | — | 7.1 | 12y ago | Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibil… | |||
| CVE-2014-5077 | high | — | 7.1 | 12y ago | The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dere… | |||
| CVE-2014-4257 | high | — | 7.1 | 12y ago | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2014-2610 | high | — | 7.1 | 12y ago | Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploadi… | |||
| CVE-2014-2176 | high | — | 7.1 | 12y ago | Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 pa… | |||
| CVE-2014-2345 | high | — | 7.1 | 12y ago | COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cau… | |||
| CVE-2014-2353 | high | — | 7.1 | 12y ago | Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2200 | high | — | 7.1 | 12y ago | Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH … | |||
| CVE-2014-0943 | high | — | 7.1 | 12y ago | IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource… | |||
| CVE-2014-0964 | high | — | 7.1 | 12y ago | IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic f… | |||
| CVE-2014-0918 | high | — | 7.1 | 12y ago | Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF… | |||
| CVE-2014-3127 | high | — | 7.1 | 12y ago | dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error… | |||
| CVE-2014-0963 | high | — | 7.1 | 12y ago | The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote atta… | |||
| CVE-2014-2157 | high | — | 7.1 | 12y ago | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. | |||
| CVE-2014-2156 | high | — | 7.1 | 12y ago | Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. | |||
| CVE-2014-2706 | high | — | 7.1 | 12y ago | Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the W… | |||
| CVE-2014-2714 | high | — | 7.1 | 12y ago | The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as us… | |||
| CVE-2014-0614 | high | — | 7.1 | 12y ago | Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets. | |||
| CVE-2014-2129 | high | — | 7.1 | 12y ago | The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause … | |||
| CVE-2014-2672 | high | — | 7.1 | 12y ago | Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a l… |