CVEs from 2014
- Total 7,871
- critical 837
- high 1,288
- medium 4,980
- low 583
- % Critical 10.6%
- % with KEV 0.4%
- % with exploit 9.8%

Top vendors

Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3054 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites… | |||
| CVE-2014-1561 | medium | — | 5.8 | 12y ago | Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScri… | |||
| CVE-2014-1552 | medium | — | 5.8 | 12y ago | Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-or… | |||
| CVE-2014-2519 | medium | — | 5.8 | 12y ago | The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports… | |||
| CVE-2014-3320 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect user… | |||
| CVE-2014-4256 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrit… | |||
| CVE-2014-4851 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter. | |||
| CVE-2014-4696 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2014-4695 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1… | |||
| CVE-2014-4336 | medium | — | 5.8 | 12y ago | The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host n… | |||
| CVE-2014-2001 | medium | — | 5.8 | 12y ago | The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive inf… | |||
| CVE-2014-1651 | medium | — | 5.8 | 12y ago | SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-4159 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a … | |||
| CVE-2014-3781 | medium | — | 5.8 | 12y ago | The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | |||
| CVE-2014-3944 | medium | — | 5.8 | 12y ago | TYPO3 Improper Session Invalidation | |||
| CVE-2014-3793 | medium | — | 5.8 | 12y ago | VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows gue… | |||
| CVE-2014-3283 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to re… | |||
| CVE-2014-0878 | medium | — | 5.8 | 12y ago | The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before… | |||
| CVE-2014-0958 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect u… | |||
| CVE-2014-3739 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in t… | |||
| CVE-2014-3750 | medium | — | 5.8 | 12y ago | The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain se… | |||
| CVE-2014-1991 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attack… | |||
| CVE-2014-0116 | medium | — | 5.8 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-3001 | medium | — | 5.8 | 12y ago | The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail… | |||
| CVE-2014-0363 | medium | — | 5.8 | 12y ago | The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows… | |||
| CVE-2014-2909 | medium | — | 5.8 | 12y ago | CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | |||
| CVE-2014-2734 | medium | — | 5.8 | 12y ago | The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby scrip… | |||
| CVE-2014-2900 | medium | — | 5.8 | 12y ago | wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. | |||
| CVE-2014-2735 | medium | — | 5.8 | 12y ago | WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic… | |||
| CVE-2014-0173 | medium | — | 5.8 | 12y ago | The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.… | |||
| CVE-2014-0460 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vecto… | |||
| CVE-2014-1986 | medium | — | 5.8 | 12y ago | The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. | |||
| CVE-2014-0139 | medium | — | 5.8 | 12y ago | cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, … | |||
| CVE-2014-1210 | medium | — | 5.8 | 12y ago | VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificat… | |||
| CVE-2014-0636 | medium | — | 5.8 | 12y ago | EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers vi… | |||
| CVE-2014-1969 | medium | — | 5.8 | 12y ago | Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. | |||
| CVE-2014-1985 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect us… | |||
| CVE-2014-2583 | medium | — | 5.8 | 12y ago | Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication… | |||
| CVE-2014-0093 | medium | — | 5.8 | 12y ago | Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be gr… | |||
| CVE-2014-1895 | medium | — | 5.8 | 12y ago | Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denia… | |||
| CVE-2014-0125 | medium | — | 5.8 | 12y ago | Moodle places a session key in a URL | |||
| CVE-2014-1970 | medium | — | 5.8 | 12y ago | Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | |||
| CVE-2014-1501 | medium | — | 5.8 | 12y ago | Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. | |||
| CVE-2014-1976 | medium | — | 5.8 | 12y ago | The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … | |||
| CVE-2014-1975 | medium | — | 5.8 | 12y ago | Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | |||
| CVE-2014-2249 | medium | — | 5.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attack… | |||
| CVE-2014-2247 | medium | — | 5.8 | 12y ago | The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. | |||
| CVE-2014-1285 | medium | — | 5.8 | 12y ago | Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an un… | |||
| CVE-2014-1282 | medium | — | 5.8 | 12y ago | The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. | |||
| CVE-2014-1273 | medium | — | 5.8 | 12y ago | dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | |||
| CVE-2014-1267 | medium | — | 5.8 | 12y ago | The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass… | |||
| CVE-2014-1959 | medium | — | 5.8 | 12y ago | lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging … | |||
| CVE-2014-0092 | medium | — | 5.8 | 12y ago | lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attack… | |||
| CVE-2014-2243 | medium | — | 5.8 | 12y ago | includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which m… | |||
| CVE-2014-1967 | medium | — | 5.8 | 12y ago | The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a … | |||
| CVE-2014-1910 | medium | — | 5.8 | 12y ago | Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2014-1242 | medium | — | 5.8 | 13y ago | Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. | |||
| CVE-2014-0671 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. | |||
| CVE-2014-1452 | medium | — | 5.8 | 13y ago | Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code … | |||
| CVE-2014-0403 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE… | |||
| CVE-2014-0375 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE… | |||
| CVE-2014-0805 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attack… | |||
| CVE-2014-0804 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to … | |||
| CVE-2014-0803 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 a… | |||
| CVE-2014-0802 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create… | |||
| CVE-2014-1405 | medium | — | 5.8 | 13y ago | Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2014-3321 | medium | — | 5.7 | 12y ago | Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a seri… | |||
| CVE-2014-3291 | medium | — | 5.7 | 12y ago | Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data … | |||
| CVE-2014-8612 | medium | — | 5.6 | 12y ago | Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privi… | |||
| CVE-2014-4364 | medium | 5.6 | 5.6 | 12y ago | The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication… | |||
| CVE-2014-1213 | medium | — | 5.6 | 13y ago | Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, whi… | |||
| CVE-2014-4978 | medium | 5.5 | 5.5 | 9y ago | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-gr… | |||
| CVE-2014-0219 | medium | 5.5 | 5.5 | 9y ago | Improper Input Validation in Apache Karaf | |||
| CVE-2014-9637 | medium | 5.5 | 5.5 | 9y ago | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | |||
| CVE-2014-0146 | medium | 5.5 | 5.5 | 9y ago | The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an… | |||
| CVE-2014-0142 | medium | 5.5 | 5.5 | 9y ago | QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallel… | |||
| CVE-2014-8180 | medium | 5.5 | 5.5 | 9y ago | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | |||
| CVE-2014-9951 | medium | 5.5 | 5.5 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | |||
| CVE-2014-9947 | medium | 5.5 | 5.5 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | |||
| CVE-2014-9983 | medium | 5.5 | 5.5 | 9y ago | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files v… | |||
| CVE-2014-8562 | medium | 5.5 | 5.5 | 9y ago | DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2014-8355 | medium | 5.5 | 5.5 | 9y ago | PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2014-9818 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. | |||
| CVE-2014-9816 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | |||
| CVE-2014-9815 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. | |||
| CVE-2014-9814 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. | |||
| CVE-2014-9813 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | |||
| CVE-2014-9812 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. | |||
| CVE-2014-9811 | medium | 5.5 | 5.5 | 9y ago | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. | |||
| CVE-2014-9810 | medium | 5.5 | 5.5 | 9y ago | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | |||
| CVE-2014-9809 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. | |||
| CVE-2014-9808 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. | |||
| CVE-2014-9807 | medium | 5.5 | 5.5 | 9y ago | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. | |||
| CVE-2014-9806 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. | |||
| CVE-2014-9805 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | |||
| CVE-2014-9915 | medium | 5.5 | 5.5 | 9y ago | Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. | |||
| CVE-2014-9840 | medium | 5.5 | 5.5 | 9y ago | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | |||
| CVE-2014-9838 | medium | 5.5 | 5.5 | 9y ago | magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | |||
| CVE-2014-9836 | medium | 5.5 | 5.5 | 9y ago | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | |||
| CVE-2014-9845 | medium | 5.5 | 5.5 | 9y ago | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. |