CVEs from 2014
- Total: 7,867
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0747 | medium | — | 6.8 | 12y ago | The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF … | |||
| CVE-2014-0745 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of a… | |||
| CVE-2014-0740 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified C… | |||
| CVE-2014-0730 | medium | — | 6.8 | 12y ago | Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. | |||
| CVE-2014-0736 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote att… | |||
| CVE-2014-0080 | medium | — | 6.8 | 13y ago | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, al… | |||
| CVE-2014-0813 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. | |||
| CVE-2014-1694 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ … | |||
| CVE-2014-0831 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary us… | |||
| CVE-2014-0835 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console… | |||
| CVE-2014-0751 | medium | — | 6.8 | 13y ago | The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code… | |||
| CVE-2014-1670 | medium | — | 6.8 | 13y ago | The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. | |||
| CVE-2014-0674 | medium | — | 6.8 | 13y ago | Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause… | |||
| CVE-2014-0676 | medium | — | 6.8 | 13y ago | Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. | |||
| CVE-2014-0010 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allo… | |||
| CVE-2014-1211 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | |||
| CVE-2014-1473 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of use… | |||
| CVE-2014-0664 | medium | — | 6.8 | 13y ago | The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. | |||
| CVE-2014-0791 | medium | — | 6.8 | 13y ago | Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly h… | |||
| CVE-2014-3124 | medium | — | 6.7 | 12y ago | The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separa… | |||
| CVE-2014-6518 | medium | — | 6.6 | 12y ago | Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). | |||
| CVE-2014-2355 | medium | — | 6.6 | 12y ago | The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. | |||
| CVE-2014-6602 | medium | — | 6.6 | 12y ago | Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or d… | |||
| CVE-2014-0960 | medium | — | 6.6 | 12y ago | IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed … | |||
| CVE-2014-2172 | medium | — | 6.6 | 12y ago | Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for interna… | |||
| CVE-2014-2408 | medium | — | 6.6 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity vi… | |||
| CVE-2014-0323 | medium | — | 6.6 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo… | |||
| CVE-2014-0106 | medium | — | 6.6 | 12y ago | Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended co… | |||
| CVE-2014-3250 | medium | 6.5 | 6.5 | 9y ago | The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certi… | |||
| CVE-2014-7813 | medium | 6.5 | 6.5 | 9y ago | Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack … | |||
| CVE-2014-9092 | medium | 6.5 | 6.5 | 9y ago | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | |||
| CVE-2014-8163 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | |||
| CVE-2014-9701 | medium | 6.5 | 6.5 | 9y ago | Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page… | |||
| CVE-2014-8127 | medium | 6.5 | 6.5 | 9y ago | LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, … | |||
| CVE-2014-9907 | medium | 6.5 | 6.5 | 9y ago | coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | |||
| CVE-2014-9837 | medium | 6.5 | 6.5 | 9y ago | coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. | |||
| CVE-2014-8354 | medium | 6.5 | 6.5 | 9y ago | The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||
| CVE-2014-9829 | medium | 6.5 | 6.5 | 9y ago | coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. | |||
| CVE-2014-9691 | medium | 6.5 | 6.5 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |||
| CVE-2014-0229 | medium | 6.5 | 6.5 | 9y ago | Improper Authentication in Apache Hadoop | |||
| CVE-2014-2146 | medium | 6.5 | 6.5 | 10y ago | The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attack… | |||
| CVE-2014-8177 | medium | 6.5 | 6.5 | 10y ago | The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted… | |||
| CVE-2014-3672 | medium | 6.5 | 6.5 | 10y ago | The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||
| CVE-2014-9655 | medium | 6.5 | 6.5 | 10y ago | The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via … | |||
| CVE-2014-9752 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file wit… | |||
| CVE-2014-9229 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL … | |||
| CVE-2014-2130 | medium | — | 6.5 | 11y ago | Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configu… | |||
| CVE-2014-8115 | medium | — | 6.5 | 11y ago | The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspeci… | |||
| CVE-2014-8630 | medium | — | 6.5 | 12y ago | Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcompon… | |||
| CVE-2014-7269 | medium | — | 6.5 | 12y ago | ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N6… | |||
| CVE-2014-6578 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6480 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vecto… | |||
| CVE-2014-7814 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | |||
| CVE-2014-9595 | medium | — | 6.5 | 12y ago | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… | |||
| CVE-2014-9594 | medium | — | 6.5 | 12y ago | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… | |||
| CVE-2014-8027 | medium | — | 6.5 | 12y ago | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via … | |||
| CVE-2014-9442 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a … | |||
| CVE-2014-9185 | medium | — | 6.5 | 12y ago | Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter. | |||
| CVE-2014-6080 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users… | |||
| CVE-2014-4844 | medium | — | 6.5 | 12y ago | The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access… | |||
| CVE-2014-8248 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. | |||
| CVE-2014-8010 | medium | — | 6.5 | 12y ago | The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. | |||
| CVE-2014-8103 | medium | — | 6.5 | 12y ago | X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitra… | |||
| CVE-2014-8102 | medium | — | 6.5 | 12y ago | The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authe… | |||
| CVE-2014-8101 | medium | — | 6.5 | 12y ago | The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of… | |||
| CVE-2014-8100 | medium | — | 6.5 | 12y ago | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial o… | |||
| CVE-2014-8099 | medium | — | 6.5 | 12y ago | The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial o… | |||
| CVE-2014-8098 | medium | — | 6.5 | 12y ago | The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of ser… | |||
| CVE-2014-8097 | medium | — | 6.5 | 12y ago | The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-b… | |||
| CVE-2014-8096 | medium | — | 6.5 | 12y ago | The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated us… | |||
| CVE-2014-8095 | medium | — | 6.5 | 12y ago | The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-… | |||
| CVE-2014-8094 | medium | — | 6.5 | 12y ago | Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a… | |||
| CVE-2014-8093 | medium | — | 6.5 | 12y ago | Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated u… | |||
| CVE-2014-8092 | medium | — | 6.5 | 12y ago | Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (cr… | |||
| CVE-2014-8789 | medium | — | 6.5 | 12y ago | GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled durin… | |||
| CVE-2014-8959 | medium | — | 6.5 | 12y ago | Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authentica… | |||
| CVE-2014-9102 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, a… | |||
| CVE-2014-8558 | medium | — | 6.5 | 12y ago | JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. | |||
| CVE-2014-8417 | medium | — | 6.5 | 12y ago | ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vecto… | |||
| CVE-2014-7871 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API c… | |||
| CVE-2014-7137 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2)… | |||
| CVE-2014-8999 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | |||
| CVE-2014-0233 | medium | — | 6.5 | 12y ago | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartr… | |||
| CVE-2014-7959 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the t… | |||
| CVE-2014-5387 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] paramet… | |||
| CVE-2014-0204 | medium | — | 6.5 | 12y ago | OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges th… | |||
| CVE-2014-8334 | medium | — | 6.5 | 12y ago | The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka … | |||
| CVE-2014-3366 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka… | |||
| CVE-2014-8531 | medium | — | 6.5 | 12y ago | The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified… | |||
| CVE-2014-4808 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authe… | |||
| CVE-2014-3520 | medium | — | 6.5 | 12y ago | OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has … | |||
| CVE-2014-4833 | medium | — | 6.5 | 12y ago | IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. | |||
| CVE-2014-3573 | medium | — | 6.5 | 12y ago | The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or… | |||
| CVE-2014-6283 | medium | — | 6.5 | 12y ago | SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (… | |||
| CVE-2014-2062 | medium | — | 6.5 | 12y ago | Jenkins does not invalidate the API token when a user is deleted | |||
| CVE-2014-2058 | medium | — | 6.5 | 12y ago | Jenkins allows attackers to execute arbitrary jobs | |||
| CVE-2014-6555 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related… | |||
| CVE-2014-6537 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6530 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2014-8750 | medium | — | 6.5 | 12y ago | Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance tha… |