CVEs from 2014
Total
7,871
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9276 | medium | — | 5.1 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is s… | |||
| CVE-2014-8890 | medium | — | 5.1 | 12y ago | IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraint… | |||
| CVE-2014-4078 | medium | — | 5.1 | 12y ago | The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions… | |||
| CVE-2014-2278 | medium | — | 5.1 | 12y ago | Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executa… | |||
| CVE-2014-4226 | medium | — | 5.1 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise FIN Install component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability v… | |||
| CVE-2014-3311 | medium | — | 5.1 | 12y ago | Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted d… | |||
| CVE-2014-3100 | medium | — | 5.1 | 12y ago | Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key… | |||
| CVE-2014-4049 | medium | — | 5.1 | 12y ago | Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary co… | |||
| CVE-2014-0296 | medium | — | 5.1 | 12y ago | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for … | |||
| CVE-2014-0472 | medium | — | 5.1 | 12y ago | The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Pyth… | |||
| CVE-2014-2440 | medium | — | 5.1 | 12y ago | Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via un… | |||
| CVE-2014-0419 | medium | — | 5.1 | 13y ago | Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote… | |||
| CVE-2014-0418 | medium | — | 5.1 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2014-3243 | medium | — | 5.0 | 4y ago | SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing… | |||
| CVE-2014-3242 | medium | — | 5.0 | 4y ago | SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (… | |||
| CVE-2014-2237 | medium | — | 5.0 | 4y ago | The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, d… | |||
| CVE-2014-1830 | medium | — | 5.0 | 4y ago | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. | |||
| CVE-2014-9756 | medium | — | 5.0 | 11y ago | The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. | |||
| CVE-2014-8912 | medium | — | 5.0 | 11y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which … | |||
| CVE-2014-6449 | medium | — | 5.0 | 11y ago | Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R… | |||
| CVE-2014-9745 | medium | — | 5.0 | 11y ago | The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as … | |||
| CVE-2014-8450 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2014-0578 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Ad… | |||
| CVE-2014-4875 | medium | — | 5.0 | 11y ago | CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 databas… | |||
| CVE-2014-8606 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a js… | |||
| CVE-2014-7810 | medium | — | 5.0 | 11y ago | Improper Access Control in Apache Tomcat | |||
| CVE-2014-8391 | medium | — | 5.0 | 11y ago | The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of re… | |||
| CVE-2014-8927 | medium | — | 5.0 | 11y ago | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5… | |||
| CVE-2014-8926 | medium | — | 5.0 | 11y ago | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5… | |||
| CVE-2014-6190 | medium | — | 5.0 | 11y ago | The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. | |||
| CVE-2014-1900 | medium | — | 5.0 | 11y ago | Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and Y… | |||
| CVE-2014-3598 | medium | — | 5.0 | 11y ago | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. | |||
| CVE-2014-6092 | medium | — | 5.0 | 11y ago | IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the s… | |||
| CVE-2014-8111 | medium | — | 5.0 | 11y ago | Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified … | |||
| CVE-2014-5032 | medium | — | 5.0 | 11y ago | GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | |||
| CVE-2014-9708 | medium | — | 5.0 | 11y ago | Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x… | |||
| CVE-2014-9709 | medium | — | 5.0 | 11y ago | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and applicati… | |||
| CVE-2014-9652 | medium | — | 5.0 | 11y ago | The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain strin… | |||
| CVE-2014-5427 | medium | — | 5.0 | 11y ago | Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (… | |||
| CVE-2014-8121 | medium | — | 5.0 | 11y ago | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to … | |||
| CVE-2014-3619 | medium | — | 5.0 | 11y ago | The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. | |||
| CVE-2014-9687 | medium | — | 5.0 | 11y ago | eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. | |||
| CVE-2014-8105 | medium | — | 5.0 | 11y ago | 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information fr… | |||
| CVE-2014-9689 | medium | — | 5.0 | 11y ago | content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote a… | |||
| CVE-2014-9283 | medium | — | 5.0 | 11y ago | The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | |||
| CVE-2014-8160 | medium | — | 5.0 | 11y ago | net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite pr… | |||
| CVE-2014-9282 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary… | |||
| CVE-2014-6115 | medium | — | 5.0 | 11y ago | IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL. | |||
| CVE-2014-5355 | medium | — | 5.0 | 11y ago | MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a … | |||
| CVE-2014-3578 | medium | — | 5.0 | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | |||
| CVE-2014-9465 | medium | — | 5.0 | 11y ago | senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a deni… | |||
| CVE-2014-9423 | medium | — | 5.0 | 11y ago | The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized inter… | |||
| CVE-2014-6304 | medium | — | 5.0 | 11y ago | The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | |||
| CVE-2014-6303 | medium | — | 5.0 | 11y ago | The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resou… | |||
| CVE-2014-6302 | medium | — | 5.0 | 11y ago | The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity referen… | |||
| CVE-2014-0154 | medium | — | 5.0 | 12y ago | oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via scr… | |||
| CVE-2014-4781 | medium | — | 5.0 | 12y ago | The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. | |||
| CVE-2014-9675 | medium | — | 5.0 | 12y ago | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the AS… | |||
| CVE-2014-9203 | medium | — | 5.0 | 12y ago | Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.… | |||
| CVE-2014-9636 | medium | — | 5.0 | 12y ago | unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip arc… | |||
| CVE-2014-9048 | medium | — | 5.0 | 12y ago | The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API. | |||
| CVE-2014-9046 | medium | — | 5.0 | 12y ago | The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to read arbitrary files via a file:// protocol. | |||
| CVE-2014-9045 | medium | — | 5.0 | 12y ago | The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password. | |||
| CVE-2014-9044 | medium | — | 5.0 | 12y ago | Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain … | |||
| CVE-2014-9043 | medium | — | 5.0 | 12y ago | The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the p… | |||
| CVE-2014-9556 | medium | — | 5.0 | 12y ago | Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. | |||
| CVE-2014-6170 | medium | — | 5.0 | 12y ago | The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 and 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.4 allows remote attackers to obtain sensitive information by trig… | |||
| CVE-2014-6136 | medium | — | 5.0 | 12y ago | IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2014-7287 | medium | — | 5.0 | 12y ago | The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a… | |||
| CVE-2014-8839 | medium | — | 5.0 | 12y ago | Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inli… | |||
| CVE-2014-8831 | medium | — | 5.0 | 12y ago | security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or … | |||
| CVE-2014-4496 | medium | — | 5.0 | 12y ago | The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for… | |||
| CVE-2014-4491 | medium | — | 5.0 | 12y ago | The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a respo… | |||
| CVE-2014-9650 | medium | — | 5.0 | 12y ago | CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks… | |||
| CVE-2014-9640 | medium | — | 5.0 | 12y ago | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | |||
| CVE-2014-9639 | medium | — | 5.0 | 12y ago | Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory ac… | |||
| CVE-2014-9638 | medium | — | 5.0 | 12y ago | oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. | |||
| CVE-2014-7947 | medium | — | 5.0 | 12y ago | OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, … | |||
| CVE-2014-7946 | medium | — | 5.0 | 12y ago | The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations… | |||
| CVE-2014-7945 | medium | — | 5.0 | 12y ago | OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, … | |||
| CVE-2014-7944 | medium | — | 5.0 | 12y ago | The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote atta… | |||
| CVE-2014-7943 | medium | — | 5.0 | 12y ago | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2014-7941 | medium | — | 5.0 | 12y ago | The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which … | |||
| CVE-2014-7924 | medium | — | 5.0 | 12y ago | Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by tri… | |||
| CVE-2014-9621 | medium | — | 5.0 | 12y ago | The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. | |||
| CVE-2014-9620 | medium | — | 5.0 | 12y ago | The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. | |||
| CVE-2014-8152 | medium | — | 5.0 | 12y ago | Improper Input Validation in Apache Santuario XML Security | |||
| CVE-2014-6593 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity … | |||
| CVE-2014-6582 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows r… | |||
| CVE-2014-6575 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230. | |||
| CVE-2014-6569 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors … | |||
| CVE-2014-9225 | medium | — | 5.0 | 12y ago | The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows … | |||
| CVE-2014-6172 | medium | — | 5.0 | 12y ago | IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors. | |||
| CVE-2014-9494 | medium | — | 5.0 | 12y ago | RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header. | |||
| CVE-2014-9491 | medium | — | 5.0 | 12y ago | The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecifi… | |||
| CVE-2014-9330 | medium | — | 5.0 | 12y ago | Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-boun… | |||
| CVE-2014-8790 | medium | — | 5.0 | 12y ago | XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via … | |||
| CVE-2014-3019 | medium | — | 5.0 | 12y ago | IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session. | |||
| CVE-2014-5418 | medium | — | 5.0 | 12y ago | GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to caus… | |||
| CVE-2014-9601 | medium | — | 5.0 | 12y ago | Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. |