CVEs from 2014
- Total: 7,871
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-5429 | medium | — | 5.0 | 12y ago | DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumpti… | |||
| CVE-2014-7259 | medium | — | 5.0 | 12y ago | SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application. | |||
| CVE-2014-7243 | medium | — | 5.0 | 12y ago | LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified v… | |||
| CVE-2014-9140 | medium | — | 5.0 | 12y ago | Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet. | |||
| CVE-2014-8123 | medium | — | 5.0 | 12y ago | Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document. | |||
| CVE-2014-6040 | medium | — | 5.0 | 12y ago | GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function … | |||
| CVE-2014-3627 | medium | — | 5.0 | 12y ago | Improper Link Resolution Before File Access in Apache Hadoop | |||
| CVE-2014-9238 | medium | — | 5.0 | 12y ago | D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) characte… | |||
| CVE-2014-9234 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-9018 | medium | — | 5.0 | 12y ago | Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. | |||
| CVE-2014-9184 | medium | — | 5.0 | 12y ago | ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. | |||
| CVE-2014-9180 | medium | — | 5.0 | 12y ago | Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. | |||
| CVE-2014-9179 | medium | — | 5.0 | 12y ago | Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" … | |||
| CVE-2014-9177 | medium | — | 5.0 | 12y ago | The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php. | |||
| CVE-2014-9116 | medium | — | 5.0 | 12y ago | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header … | |||
| CVE-2014-9112 | medium | — | 5.0 | 12y ago | Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | |||
| CVE-2014-8874 | medium | — | 5.0 | 12y ago | The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a … | |||
| CVE-2014-3703 | medium | — | 5.0 | 12y ago | OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration… | |||
| CVE-2014-9050 | medium | — | 5.0 | 12y ago | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. | |||
| CVE-2014-8749 | medium | — | 5.0 | 12y ago | Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests tha… | |||
| CVE-2014-2233 | medium | — | 5.0 | 12y ago | Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecifi… | |||
| CVE-2014-2232 | medium | — | 5.0 | 12y ago | Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2014-7841 | medium | — | 5.0 | 12y ago | The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NU… | |||
| CVE-2014-3688 | medium | — | 5.0 | 12y ago | The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output q… | |||
| CVE-2014-6075 | medium | — | 5.0 | 12y ago | IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allow… | |||
| CVE-2014-3407 | medium | — | 5.0 | 12y ago | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers … | |||
| CVE-2014-5426 | medium | — | 5.0 | 12y ago | MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message. | |||
| CVE-2014-2037 | medium | — | 5.0 | 12y ago | Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists … | |||
| CVE-2014-8552 | medium | — | 5.0 | 12y ago | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 all… | |||
| CVE-2014-8005 | medium | — | 5.0 | 12y ago | Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing … | |||
| CVE-2014-8004 | medium | — | 5.0 | 12y ago | Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. | |||
| CVE-2014-8627 | medium | — | 5.0 | 12y ago | PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | |||
| CVE-2014-8416 | medium | — | 5.0 | 12y ago | Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a d… | |||
| CVE-2014-8415 | medium | — | 5.0 | 12y ago | Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) vi… | |||
| CVE-2014-8414 | medium | — | 5.0 | 12y ago | ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel ha… | |||
| CVE-2014-8412 | medium | — | 5.0 | 12y ago | The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Ce… | |||
| CVE-2014-9060 | medium | — | 5.0 | 12y ago | Moodle allows attackers to trigger the generation of arbitrary messages | |||
| CVE-2014-7848 | medium | — | 5.0 | 12y ago | Moodle allows attackers to obtain sensitive information | |||
| CVE-2014-7847 | medium | — | 5.0 | 12y ago | Moodle allows attackers to cause a denial of service | |||
| CVE-2014-5325 | medium | — | 5.0 | 12y ago | Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting | |||
| CVE-2014-8714 | medium | — | 5.0 | 12y ago | The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a d… | |||
| CVE-2014-8713 | medium | — | 5.0 | 12y ago | Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote atta… | |||
| CVE-2014-8712 | medium | — | 5.0 | 12y ago | The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, wh… | |||
| CVE-2014-8711 | medium | — | 5.0 | 12y ago | Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (appl… | |||
| CVE-2014-8710 | medium | — | 5.0 | 12y ago | The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read … | |||
| CVE-2014-8090 | medium | — | 5.0 | 12y ago | The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption)… | |||
| CVE-2014-8000 | medium | — | 5.0 | 12y ago | Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enum… | |||
| CVE-2014-9025 | medium | — | 5.0 | 12y ago | The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at c… | |||
| CVE-2014-8767 | medium | — | 5.0 | 12y ago | Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR f… | |||
| CVE-2014-3625 | medium | — | 5.0 | 12y ago | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | |||
| CVE-2014-9006 | medium | — | 5.0 | 12y ago | Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie … | |||
| CVE-2014-6622 | medium | — | 5.0 | 12y ago | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. | |||
| CVE-2014-6621 | medium | — | 5.0 | 12y ago | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, … | |||
| CVE-2014-7909 | medium | — | 5.0 | 12y ago | effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of ser… | |||
| CVE-2014-7905 | medium | — | 5.0 | 12y ago | Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended acces… | |||
| CVE-2014-7899 | medium | — | 5.0 | 12y ago | Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username s… | |||
| CVE-2014-3620 | medium | — | 5.0 | 12y ago | cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | |||
| CVE-2014-3613 | medium | — | 5.0 | 12y ago | cURL and libcurl before 7.38.0 do not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrat… | |||
| CVE-2014-4458 | medium | — | 5.0 | 12y ago | The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive informatio… | |||
| CVE-2014-4453 | medium | — | 5.0 | 12y ago | Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to ob… | |||
| CVE-2014-6098 | medium | — | 5.0 | 12y ago | IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. | |||
| CVE-2014-6095 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2014-5277 | medium | — | 5.0 | 12y ago | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain auth… | |||
| CVE-2014-7829 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4… | |||
| CVE-2014-3916 | medium | — | 5.0 | 12y ago | The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | |||
| CVE-2014-3756 | medium | — | 5.0 | 12y ago | The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is tre… | |||
| CVE-2014-3755 | medium | — | 5.0 | 12y ago | The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image… | |||
| CVE-2014-2683 | medium | — | 5.0 | 12y ago | Several Zend Products Vulnerable to XXE and XEE attacks | |||
| CVE-2014-4975 | medium | — | 5.0 | 12y ago | Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial … | |||
| CVE-2014-7815 | medium | — | 5.0 | 12y ago | The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. | |||
| CVE-2014-8564 | medium | — | 5.0 | 12y ago | The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds… | |||
| CVE-2014-7823 | medium | — | 5.0 | 12y ago | The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML… | |||
| CVE-2014-8736 | medium | — | 5.0 | 12y ago | The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revi… | |||
| CVE-2014-8437 | medium | — | 5.0 | 12y ago | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe … | |||
| CVE-2014-6339 | medium | — | 5.0 | 12y ago | Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||
| CVE-2014-6331 | medium | — | 5.0 | 12y ago | Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easi… | |||
| CVE-2014-8709 | medium | — | 5.0 | 12y ago | The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext i… | |||
| CVE-2014-2179 | medium | — | 5.0 | 12y ago | The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a … | |||
| CVE-2014-5258 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-8666 | medium | — | 5.0 | 12y ago | The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intelligence allows remote attackers to obtain audit event details via unspecified vectors. | |||
| CVE-2014-8665 | medium | — | 5.0 | 12y ago | The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. | |||
| CVE-2014-8659 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2014-8483 | medium | — | 5.0 | 12y ago | The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | |||
| CVE-2014-3710 | medium | — | 5.0 | 12y ago | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to caus… | |||
| CVE-2014-6130 | medium | — | 5.0 | 12y ago | The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information b… | |||
| CVE-2014-3660 | medium | — | 5.0 | 12y ago | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU… | |||
| CVE-2014-8592 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | |||
| CVE-2014-8591 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown ve… | |||
| CVE-2014-8589 | medium | — | 5.0 | 12y ago | Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. | |||
| CVE-2014-8585 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_do… | |||
| CVE-2014-8080 | medium | — | 5.0 | 12y ago | The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document,… | |||
| CVE-2014-3712 | medium | — | 5.0 | 12y ago | Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the… | |||
| CVE-2014-3683 | medium | — | 5.0 | 12y ago | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this v… | |||
| CVE-2014-8495 | medium | — | 5.0 | 12y ago | Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive inform… | |||
| CVE-2014-8082 | medium | — | 5.0 | 12y ago | lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. | |||
| CVE-2014-7986 | medium | — | 5.0 | 12y ago | install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. | |||
| CVE-2014-7177 | medium | — | 5.0 | 12y ago | XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. | |||
| CVE-2014-3623 | medium | — | 5.0 | 12y ago | Improper Authentication in Apache WSS4J | |||
| CVE-2014-3584 | medium | — | 5.0 | 12y ago | Loop with Unreachable Exit Condition in Apache CXF | |||
| CVE-2014-7819 | medium | — | 5.0 | 12y ago | Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.… |