CVEs from 2014
Total
7,867
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-5115 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. | |||
| CVE-2014-3552 | medium | — | 6.0 | 12y ago | The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remo… | |||
| CVE-2014-3545 | medium | — | 6.0 | 12y ago | Moodle remote code execution via quiz questions | |||
| CVE-2014-5111 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/aster… | |||
| CVE-2014-4684 | medium | — | 6.0 | 12y ago | The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||
| CVE-2014-4154 | medium | — | 6.0 | 12y ago | ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA passwo… | |||
| CVE-2014-3427 | medium | — | 6.0 | 12y ago | CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model paramete… | |||
| CVE-2014-4940 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/… | |||
| CVE-2014-4937 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-4643 | medium | — | 6.0 | 12y ago | Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a lo… | |||
| CVE-2014-4306 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. | |||
| CVE-2014-3782 | medium | — | 6.0 | 12y ago | Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by … | |||
| CVE-2014-3048 | medium | — | 6.0 | 12y ago | Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. | |||
| CVE-2014-0929 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for … | |||
| CVE-2014-0961 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows re… | |||
| CVE-2014-3976 | medium | — | 6.0 | 12y ago | Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute ar… | |||
| CVE-2014-3975 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. | |||
| CVE-2014-3942 | medium | — | 6.0 | 12y ago | TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code | |||
| CVE-2014-2354 | medium | — | 6.0 | 12y ago | Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||
| CVE-2014-0849 | medium | — | 6.0 | 12y ago | IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging memb… | |||
| CVE-2014-3272 | medium | — | 6.0 | 12y ago | The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. | |||
| CVE-2014-3848 | medium | — | 6.0 | 12y ago | The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. | |||
| CVE-2014-3783 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categori… | |||
| CVE-2014-3806 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. | |||
| CVE-2014-0944 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows… | |||
| CVE-2014-1989 | medium | — | 6.0 | 12y ago | Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | |||
| CVE-2014-1843 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Propert… | |||
| CVE-2014-1842 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar … | |||
| CVE-2014-1841 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot… | |||
| CVE-2014-0162 | medium | — | 6.0 | 12y ago | OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability | |||
| CVE-2014-2976 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081. | |||
| CVE-2014-2455 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via … | |||
| CVE-2014-0167 | medium | — | 6.0 | 12y ago | The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, … | |||
| CVE-2014-0105 | medium | — | 6.0 | 12y ago | The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authen… | |||
| CVE-2014-0908 | medium | — | 6.0 | 12y ago | The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access … | |||
| CVE-2014-0634 | medium | — | 6.0 | 12y ago | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen… | |||
| CVE-2014-2668 | medium | — | 6.0 | 12y ago | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | |||
| CVE-2014-0094 | medium | — | 6.0 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-2245 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the … | |||
| CVE-2014-0686 | medium | — | 6.0 | 13y ago | Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul2490… | |||
| CVE-2014-1664 | medium | — | 6.0 | 13y ago | The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens … | |||
| CVE-2014-1637 | medium | — | 6.0 | 13y ago | Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request. | |||
| CVE-2014-2845 | medium | 5.9 | 5.9 | 9y ago | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root … | |||
| CVE-2014-7242 | medium | 5.9 | 5.9 | 9y ago | The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to s… | |||
| CVE-2014-3706 | medium | 5.9 | 5.9 | 9y ago | ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||
| CVE-2014-2903 | medium | 5.9 | 5.9 | 9y ago | CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | |||
| CVE-2014-9686 | medium | 5.9 | 5.9 | 9y ago | The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_goog… | |||
| CVE-2014-8878 | medium | 5.9 | 5.9 | 9y ago | KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2014-4616 | medium | 5.9 | 5.9 | 9y ago | simplejson before 2.6.1 vulnerable to array index error | |||
| CVE-2014-9920 | medium | 5.9 | 5.9 | 9y ago | Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 befor… | |||
| CVE-2014-9754 | medium | 5.9 | 5.9 | 10y ago | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before… | |||
| CVE-2014-0868 | medium | — | 5.9 | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… | |||
| CVE-2014-0865 | medium | — | 5.9 | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… | |||
| CVE-2014-1322 | medium | — | 5.9 | 12y ago | The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mecha… | |||
| CVE-2014-2534 | medium | — | 5.9 | 12y ago | /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the ro… | |||
| CVE-2014-0759 | medium | 5.9 | 5.9 | 12y ago | Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed… | |||
| CVE-2014-8242 | medium | — | 5.8 | 11y ago | librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. | |||
| CVE-2014-9750 | medium | — | 5.8 | 11y ago | ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemo… | |||
| CVE-2014-9737 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | |||
| CVE-2014-1750 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2014-9672 | medium | — | 5.8 | 12y ago | Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from pr… | |||
| CVE-2014-8918 | medium | — | 5.8 | 12y ago | IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2014-8870 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbit… | |||
| CVE-2014-8151 | medium | — | 5.8 | 12y ago | The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS ses… | |||
| CVE-2014-10030 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL … | |||
| CVE-2014-8029 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspe… | |||
| CVE-2014-7294 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites… | |||
| CVE-2014-7193 | medium | — | 5.8 | 12y ago | CORS Token Disclosure in crumb | |||
| CVE-2014-2516 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vect… | |||
| CVE-2014-9365 | medium | — | 5.8 | 12y ago | The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check … | |||
| CVE-2014-6316 | medium | — | 5.8 | 12y ago | core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a craf… | |||
| CVE-2014-9343 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2014-9292 | medium | — | 5.8 | 12y ago | Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via… | |||
| CVE-2014-8754 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in … | |||
| CVE-2014-5268 | medium | — | 5.8 | 12y ago | The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. | |||
| CVE-2014-4831 | medium | — | 5.8 | 12y ago | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessi… | |||
| CVE-2014-4462 | medium | — | 5.8 | 12y ago | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | |||
| CVE-2014-8670 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||
| CVE-2014-7292 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbit… | |||
| CVE-2014-2230 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL i… | |||
| CVE-2014-6535 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vec… | |||
| CVE-2014-7275 | medium | — | 5.8 | 12y ago | The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensiti… | |||
| CVE-2014-7274 | medium | — | 5.8 | 12y ago | The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in… | |||
| CVE-2014-3633 | medium | — | 5.8 | 12y ago | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of serv… | |||
| CVE-2014-7155 | medium | — | 5.8 | 12y ago | The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service … | |||
| CVE-2014-5318 | medium | — | 5.8 | 12y ago | The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||
| CVE-2014-5392 | medium | — | 5.8 | 12y ago | XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a requ… | |||
| CVE-2014-5321 | medium | — | 5.8 | 12y ago | FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via … | |||
| CVE-2014-4378 | medium | — | 5.8 | 12y ago | CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted … | |||
| CVE-2014-4354 | medium | — | 5.8 | 12y ago | Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | |||
| CVE-2014-3908 | medium | — | 5.8 | 12y ago | The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat… | |||
| CVE-2014-5127 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspec… | |||
| CVE-2014-3596 | medium | — | 5.8 | 12y ago | Improper Validation of Certificates in apache axis | |||
| CVE-2014-0480 | medium | — | 5.8 | 12y ago | The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attacke… | |||
| CVE-2014-5122 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to log… | |||
| CVE-2014-3577 | medium | — | 5.8 | 12y ago | Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient | |||
| CVE-2014-3902 | medium | — | 5.8 | 12y ago | The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2014-4760 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows rem… | |||
| CVE-2014-3302 | medium | — | 5.8 | 12y ago | user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information… | |||
| CVE-2014-5117 | medium | — | 5.8 | 12y ago | Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirm… |