CVEs from 2014
- Total: 7,871
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9476 | medium | — | 5.0 | | | | 12y ago | MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to a… |
| CVE-2014-6383 | medium | — | 5.0 | | | | 12y ago | The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule. |
| CVE-2014-8034 | medium | — | 5.0 | | | | 12y ago | Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing username… |
| CVE-2014-9593 | medium | — | 5.0 | | | | 12y ago | Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. |
| CVE-2014-8738 | medium | — | 5.0 | | | | 12y ago | The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a… |
| CVE-2014-0171 | medium | — | 5.0 | | | | 12y ago | XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a… |
| CVE-2014-3314 | medium | — | 5.0 | | | | 12y ago | Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka … |
| CVE-2014-8640 | medium | — | 5.0 | | | | 12y ago | The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline ope… |
| CVE-2014-8637 | medium | — | 5.0 | | | | 12y ago | Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted… |
| CVE-2014-100033 | medium | — | 5.0 | | | | 12y ago | Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-10026 | medium | — | 5.0 | | | | 12y ago | index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. |
| CVE-2014-10022 | medium | — | 5.0 | | | | 12y ago | Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. |
| CVE-2014-10005 | medium | — | 5.0 | | | | 12y ago | Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. |
| CVE-2014-10002 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2014-100009 | medium | — | 5.0 | | | | 12y ago | The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php,… |
| CVE-2014-8036 | medium | — | 5.0 | | | | 12y ago | The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. |
| CVE-2014-8035 | medium | — | 5.0 | | | | 12y ago | The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts… |
| CVE-2014-8020 | medium | — | 5.0 | | | | 12y ago | Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malfo… |
| CVE-2014-6199 | medium | — | 5.0 | | | | 12y ago | The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a craf… |
| CVE-2014-8275 | medium | — | 5.0 | | | | 12y ago | OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-… |
| CVE-2014-8033 | medium | — | 5.0 | | | | 12y ago | The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. |
| CVE-2014-3572 | medium | — | 5.0 | | | | 12y ago | The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigge… |
| CVE-2014-3571 | medium | — | 5.0 | | | | 12y ago | OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message t… |
| CVE-2014-3570 | medium | — | 5.0 | | | | 12y ago | The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attac… |
| CVE-2014-9579 | medium | — | 5.0 | | | | 12y ago | VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. |
| CVE-2014-9578 | medium | — | 5.0 | | | | 12y ago | VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password … |
| CVE-2014-9576 | medium | — | 5.0 | | | | 12y ago | VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows … |
| CVE-2014-9221 | medium | — | 5.0 | | | | 12y ago | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) g… |
| CVE-2014-4639 | medium | — | 5.0 | | | | 12y ago | EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to condu… |
| CVE-2014-4638 | medium | — | 5.0 | | | | 12y ago | EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. |
| CVE-2014-9527 | medium | — | 5.0 | | | | 12y ago | Loop with Unreachable Exit Condition in Apache POI |
| CVE-2014-9452 | medium | — | 5.0 | | | | 12y ago | Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/. |
| CVE-2014-9449 | medium | — | 5.0 | | | | 12y ago | Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. |
| CVE-2014-2224 | medium | — | 5.0 | | | | 12y ago | Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a se… |
| CVE-2014-8132 | medium | — | 5.0 | | | | 12y ago | Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. |
| CVE-2014-6229 | medium | — | 5.0 | | | | 12y ago | The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows rem… |
| CVE-2014-5386 | medium | — | 5.0 | | | | 12y ago | The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for rem… |
| CVE-2014-2209 | medium | — | 5.0 | | | | 12y ago | Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypa… |
| CVE-2014-1449 | medium | — | 5.0 | | | | 12y ago | The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API. |
| CVE-2014-3971 | medium | — | 5.0 | | | | 12y ago | The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) … |
| CVE-2014-3569 | medium | — | 5.0 | | | | 12y ago | The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denia… |
| CVE-2014-8017 | medium | — | 5.0 | | | | 12y ago | The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a re… |
| CVE-2014-9296 | medium | — | 5.0 | | | | 12y ago | The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended associ… |
| CVE-2014-8019 | medium | — | 5.0 | | | | 12y ago | Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. |
| CVE-2014-9408 | medium | — | 5.0 | | | | 12y ago | Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it … |
| CVE-2014-9381 | medium | — | 5.0 | | | | 12y ago | Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a l… |
| CVE-2014-9380 | medium | — | 5.0 | | | | 12y ago | The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature. |
| CVE-2014-8875 | medium | — | 5.0 | | | | 12y ago | The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an… |
| CVE-2014-8016 | medium | — | 5.0 | | | | 12y ago | The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. |
| CVE-2014-8014 | medium | — | 5.0 | | | | 12y ago | Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. |
| CVE-2014-6164 | medium | — | 5.0 | | | | 12y ago | IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via … |
| CVE-2014-6088 | medium | — | 5.0 | | | | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffi… |
| CVE-2014-6087 | medium | — | 5.0 | | | | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive informat… |
| CVE-2014-6086 | medium | — | 5.0 | | | | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers … |
| CVE-2014-6084 | medium | — | 5.0 | | | | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive informat… |
| CVE-2014-6083 | medium | — | 5.0 | | | | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by… |
| CVE-2014-6078 | medium | — | 5.0 | | | | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which… |
| CVE-2014-8108 | medium | — | 5.0 | | | | 12y ago | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) v… |
| CVE-2014-3580 | medium | — | 5.0 | | | | 12y ago | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server cra… |
| CVE-2014-9388 | medium | — | 5.0 | | | | 12y ago | bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. |
| CVE-2014-8553 | medium | — | 5.0 | | | | 12y ago | The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_… |
| CVE-2014-8117 | medium | — | 5.0 | | | | 12y ago | softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. |
| CVE-2014-8116 | medium | — | 5.0 | | | | 12y ago | The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid … |
| CVE-2014-7880 | medium | — | 5.0 | | | | 12y ago | Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2014-9323 | medium | — | 5.0 | | | | 12y ago | The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via a… |
| CVE-2014-8964 | medium | — | 5.0 | | | | 12y ago | Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an asser… |
| CVE-2014-9251 | medium | — | 5.0 | | | | 12y ago | Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the d… |
| CVE-2014-9250 | medium | — | 5.0 | | | | 12y ago | Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via s… |
| CVE-2014-9248 | medium | — | 5.0 | | | | 12y ago | Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. |
| CVE-2014-9245 | medium | — | 5.0 | | | | 12y ago | Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by … |
| CVE-2014-6259 | medium | — | 5.0 | | | | 12y ago | Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML docu… |
| CVE-2014-6258 | medium | — | 5.0 | | | | 12y ago | An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-154… |
| CVE-2014-6257 | medium | — | 5.0 | | | | 12y ago | Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407. |
| CVE-2014-6053 | medium | — | 5.0 | | | | 12y ago | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows r… |
| CVE-2014-3583 | medium | — | 5.0 | | | | 12y ago | The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon c… |
| CVE-2014-9374 | medium | — | 5.0 | | | | 12y ago | Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 befor… |
| CVE-2014-8124 | medium | — | 5.0 | | | | 12y ago | OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause… |
| CVE-2014-6408 | medium | — | 5.0 | | | | 12y ago | Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. |
| CVE-2014-7250 | medium | — | 5.0 | | | | 12y ago | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of… |
| CVE-2014-6114 | medium | — | 5.0 | | | | 12y ago | The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operation… |
| CVE-2014-6355 | medium | — | 5.0 | | | | 12y ago | The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows… |
| CVE-2014-6328 | medium | — | 5.0 | | | | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerabi… |
| CVE-2014-6319 | medium | — | 5.0 | | | | 12y ago | Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the o… |
| CVE-2014-9166 | medium | — | 5.0 | | | | 12y ago | Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors. |
| CVE-2014-8453 | medium | — | 5.0 | | | | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors. |
| CVE-2014-8452 | medium | — | 5.0 | | | | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an e… |
| CVE-2014-8451 | medium | — | 5.0 | | | | 12y ago | An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a diffe… |
| CVE-2014-8448 | medium | — | 5.0 | | | | 12y ago | An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a diffe… |
| CVE-2014-8009 | medium | — | 5.0 | | | | 12y ago | The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. |
| CVE-2014-4465 | medium | — | 5.0 | | | | 12y ago | WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an… |
| CVE-2014-8601 | medium | — | 5.0 | | | | 12y ago | PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals,… |
| CVE-2014-7807 | medium | — | 5.0 | | | | 12y ago | Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. |
| CVE-2014-9319 | medium | — | 5.0 | | | | 12y ago | The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds acc… |
| CVE-2014-8484 | medium | — | 5.0 | | | | 12y ago | The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. |
| CVE-2014-9279 | medium | — | 5.0 | | | | 12y ago | The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname paramet… |
| CVE-2014-9130 | medium | — | 5.0 | | | | 12y ago | scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vect… |
| CVE-2014-9217 | medium | — | 5.0 | | | | 12y ago | Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. |
| CVE-2014-4631 | medium | — | 5.0 | | | | 12y ago | RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phon… |
| CVE-2014-9490 | medium | — | 5.0 | | | | 12y ago | sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number |
| CVE-2014-9117 | medium | — | 5.0 | | | | 12y ago | MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPT… |