CVEs from 2014
Total
7,871
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4413 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4412 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4411 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4410 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4377 | medium | — | 6.8 | 12y ago | Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF docum… | |||
| CVE-2014-2886 | medium | — | 6.8 | 12y ago | GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untr… | |||
| CVE-2014-0993 | medium | — | 6.8 | 12y ago | Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote at… | |||
| CVE-2014-6270 | medium | — | 6.8 | 12y ago | Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute … | |||
| CVE-2014-4789 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack… | |||
| CVE-2014-4783 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote at… | |||
| CVE-2014-0152 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-3909 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-5506 | medium | — | 6.8 | 12y ago | Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||
| CVE-2014-5505 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | |||
| CVE-2014-2957 | medium | — | 6.8 | 12y ago | The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to … | |||
| CVE-2014-6041 | medium | — | 6.8 | 12y ago | The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\… | |||
| CVE-2014-2390 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before… | |||
| CVE-2014-5263 | medium | — | 6.8 | 12y ago | vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infini… | |||
| CVE-2014-5035 | medium | — | 6.8 | 12y ago | The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, rel… | |||
| CVE-2014-3907 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary u… | |||
| CVE-2014-3061 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authe… | |||
| CVE-2014-2528 | medium | — | 6.8 | 12y ago | kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory… | |||
| CVE-2014-2527 | medium | — | 6.8 | 12y ago | kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory… | |||
| CVE-2014-2633 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unkno… | |||
| CVE-2014-3597 | medium | — | 6.8 | 12y ago | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or p… | |||
| CVE-2014-5241 | medium | — | 6.8 | 12y ago | The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restr… | |||
| CVE-2014-4929 | medium | — | 6.8 | 12y ago | Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot d… | |||
| CVE-2014-2518 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-0641 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-5205 | medium | — | 6.8 | 12y ago | wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a… | |||
| CVE-2014-5204 | medium | — | 6.8 | 12y ago | wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote atta… | |||
| CVE-2014-0969 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Manageme… | |||
| CVE-2014-1390 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1389 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1388 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1387 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1386 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1385 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1384 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-3509 | medium | — | 6.8 | 12y ago | Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL … | |||
| CVE-2014-3337 | medium | — | 6.8 | 12y ago | The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that i… | |||
| CVE-2014-4061 | medium | — | 6.8 | 12y ago | Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denia… | |||
| CVE-2014-4060 | medium | — | 6.8 | 12y ago | Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to exec… | |||
| CVE-2014-2819 | medium | — | 6.8 | 12y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||
| CVE-2014-5199 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators … | |||
| CVE-2014-4647 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via uns… | |||
| CVE-2014-3459 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. | |||
| CVE-2014-0479 | medium | — | 6.8 | 12y ago | reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | |||
| CVE-2014-3554 | medium | — | 6.8 | 12y ago | Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL)… | |||
| CVE-2014-3896 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrar… | |||
| CVE-2014-4909 | medium | — | 6.8 | 12y ago | Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via … | |||
| CVE-2014-0475 | medium | — | 6.8 | 12y ago | Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecifie… | |||
| CVE-2014-2974 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create… | |||
| CVE-2014-3305 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims… | |||
| CVE-2014-4686 | medium | — | 6.8 | 12y ago | The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive infor… | |||
| CVE-2014-3518 | medium | — | 6.8 | 12y ago | jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor… | |||
| CVE-2014-3160 | medium | — | 6.8 | 12y ago | The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG… | |||
| CVE-2014-4267 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, … | |||
| CVE-2014-4255 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availa… | |||
| CVE-2014-4254 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availa… | |||
| CVE-2014-2481 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, … | |||
| CVE-2014-2480 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, … | |||
| CVE-2014-2479 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, … | |||
| CVE-2014-3319 | medium | — | 6.8 | 12y ago | Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted … | |||
| CVE-2014-3891 | medium | — | 6.8 | 12y ago | Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute arbitrary code via a crafted response. | |||
| CVE-2014-2510 | medium | — | 6.8 | 12y ago | The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, … | |||
| CVE-2014-4646 | medium | — | 6.8 | 12y ago | Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-0248 | medium | — | 6.8 | 12y ago | org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote at… | |||
| CVE-2014-0867 | medium | — | 6.8 | 12y ago | rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query s… | |||
| CVE-2014-3920 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save… | |||
| CVE-2014-4614 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUse… | |||
| CVE-2014-4691 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie. | |||
| CVE-2014-3307 | medium | — | 6.8 | 12y ago | The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513. | |||
| CVE-2014-4668 | medium | — | 6.8 | 12y ago | The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attac… | |||
| CVE-2014-1382 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1370 | medium | — | 6.8 | 12y ago | The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application cr… | |||
| CVE-2014-1368 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1367 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1366 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1365 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1364 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1363 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1362 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-1354 | medium | — | 6.8 | 12y ago | CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of… | |||
| CVE-2014-1349 | medium | — | 6.8 | 12y ago | Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. | |||
| CVE-2014-1340 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1325 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |||
| CVE-2014-3881 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-3882 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-3299 | medium | — | 6.8 | 12y ago | Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. | |||
| CVE-2014-2005 | medium | 6.8 | 6.8 | 12y ago | Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically… | |||
| CVE-2014-3883 | medium | — | 6.8 | 12y ago | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |||
| CVE-2014-4333 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that co… | |||
| CVE-2014-4188 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote… | |||
| CVE-2014-3850 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plug… | |||
| CVE-2014-1542 | medium | — | 6.8 | 12y ago | Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel… | |||
| CVE-2014-3836 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site script… | |||
| CVE-2014-3466 | medium | — | 6.8 | 12y ago | Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (me… | |||
| CVE-2014-2720 | medium | — | 6.8 | 12y ago | IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote… | |||
| CVE-2014-0214 | medium | — | 6.8 | 12y ago | Moodle creates a MoodleMobile web-service token with an infinite lifetime |