CVEs from 2014
- Total: 7,871
- critical: 837
- high: 1,288
- medium: 4,980
- low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8525 | medium | — | 5.0 | | | | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentiall… |
| CVE-2014-8524 | medium | — | 5.0 | | | | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via un… |
| CVE-2014-8520 | medium | — | 5.0 | | | | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. |
| CVE-2014-6149 | medium | — | 5.0 | | | | 12y ago | Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows r… |
| CVE-2014-3698 | medium | — | 5.0 | | | | 12y ago | The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a craft… |
| CVE-2014-3696 | medium | — | 5.0 | | | | 12y ago | nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that trigge… |
| CVE-2014-3695 | medium | — | 5.0 | | | | 12y ago | markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. |
| CVE-2014-3668 | medium | — | 5.0 | | | | 12y ago | Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows… |
| CVE-2014-4821 | medium | — | 5.0 | | | | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depend… |
| CVE-2014-3293 | medium | — | 5.0 | | | | 12y ago | Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sendi… |
| CVE-2014-3955 | medium | — | 5.0 | | | | 12y ago | routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network. |
| CVE-2014-3711 | medium | — | 5.0 | | | | 12y ago | namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent pa… |
| CVE-2014-0136 | medium | — | 5.0 | | | | 12y ago | The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. |
| CVE-2014-6099 | medium | — | 5.0 | | | | 12y ago | The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to o… |
| CVE-2014-4624 | medium | — | 5.0 | | | | 12y ago | EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and… |
| CVE-2014-8760 | medium | — | 5.0 | | | | 12y ago | ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. |
| CVE-2014-4766 | medium | — | 5.0 | | | | 12y ago | IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file. |
| CVE-2014-8764 | medium | — | 5.0 | | | | 12y ago | DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) characte… |
| CVE-2014-8763 | medium | — | 5.0 | | | | 12y ago | DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user … |
| CVE-2014-8762 | medium | — | 5.0 | | | | 12y ago | The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. |
| CVE-2014-8761 | medium | — | 5.0 | | | | 12y ago | inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. |
| CVE-2014-8088 | medium | — | 5.0 | | | | 12y ago | Zend Access Restriction Bypass |
| CVE-2014-7968 | medium | — | 5.0 | | | | 12y ago | VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. |
| CVE-2014-6387 | medium | — | 5.0 | | | | 12y ago | gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. |
| CVE-2014-3675 | medium | — | 5.0 | | | | 12y ago | Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. |
| CVE-2014-4577 | medium | — | 5.0 | | | | 12y ago | Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pat… |
| CVE-2014-7191 | medium | — | 5.0 | | | | 12y ago | The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value t… |
| CVE-2014-5425 | medium | — | 5.0 | | | | 12y ago | IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 header. |
| CVE-2014-3381 | medium | — | 5.0 | | | | 12y ago | The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filterin… |
| CVE-2014-3021 | medium | — | 5.0 | | | | 12y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie… |
| CVE-2014-4417 | medium | — | 5.0 | | | | 12y ago | Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception … |
| CVE-2014-2064 | medium | — | 5.0 | | | | 12y ago | Jenkins allows attackers to determine whether a user exists |
| CVE-2014-2061 | medium | — | 5.0 | | | | 12y ago | Jenkins allows attackers to obtain passwords by reading the HTML source code |
| CVE-2014-2060 | medium | — | 5.0 | | | | 12y ago | Jenkins allows Remote Attackers to Hijack Sessions |
| CVE-2014-8316 | medium | — | 5.0 | | | | 12y ago | XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explo… |
| CVE-2014-8315 | medium | — | 5.0 | | | | 12y ago | polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attack… |
| CVE-2014-8309 | medium | — | 5.0 | | | | 12y ago | SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which all… |
| CVE-2014-3679 | medium | — | 5.0 | | | | 12y ago | Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages |
| CVE-2014-3662 | medium | — | 5.0 | | | | 12y ago | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2014-3661 | medium | — | 5.0 | | | | 12y ago | Jenkins Denial of Service vulnerability |
| CVE-2014-6519 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. |
| CVE-2014-6517 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. |
| CVE-2014-6515 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. |
| CVE-2014-6511 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
| CVE-2014-6504 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. |
| CVE-2014-6498 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affec… |
| CVE-2014-6490 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component. |
| CVE-2014-6476 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. |
| CVE-2014-6472 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity v… |
| CVE-2014-6459 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (tt… |
| CVE-2014-4277 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4… |
| CVE-2014-2476 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (tt… |
| CVE-2014-2475 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Pro… |
| CVE-2014-2474 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (tt… |
| CVE-2014-2473 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (tt… |
| CVE-2014-2472 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (tt… |
| CVE-2014-1829 | medium | — | 5.0 | | | | 12y ago | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. |
| CVE-2014-1586 | medium | — | 5.0 | | | | 12y ago | content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allow… |
| CVE-2014-1585 | medium | — | 5.0 | | | | 12y ago | The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing … |
| CVE-2014-1583 | medium | — | 5.0 | | | | 12y ago | The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API c… |
| CVE-2014-1580 | medium | — | 5.0 | | | | 12y ago | Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers … |
| CVE-2014-3091 | medium | — | 5.0 | | | | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2014-1572 | medium | — | 5.0 | | | | 12y ago | The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x be… |
| CVE-2014-4874 | medium | — | 5.0 | | | | 12y ago | BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. |
| CVE-2014-3581 | medium | — | 5.0 | | | | 12y ago | The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer d… |
| CVE-2014-3402 | medium | — | 5.0 | | | | 12y ago | The authentication-manager process in the web framework in Cisco Intrusion Prevention System (IPS) 7.0(8)E4 and earlier in Cisco Intrusion Detection System (IDS) does not properly manage user tokens,… |
| CVE-2014-3394 | medium | — | 5.0 | | | | 12y ago | The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) all… |
| CVE-2014-5298 | medium | — | 5.0 | | | | 12y ago | FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks… |
| CVE-2014-3403 | medium | — | 5.0 | | | | 12y ago | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq2… |
| CVE-2014-3201 | medium | — | 5.0 | | | | 12y ago | core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows rem… |
| CVE-2014-8068 | medium | — | 5.0 | | | | 12y ago | Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstr… |
| CVE-2014-7229 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. |
| CVE-2014-3199 | medium | — | 5.0 | | | | 12y ago | The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection fail… |
| CVE-2014-3198 | medium | — | 5.0 | | | | 12y ago | The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error c… |
| CVE-2014-3197 | medium | — | 5.0 | | | | 12y ago | The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages… |
| CVE-2014-3195 | medium | — | 5.0 | | | | 12y ago | Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of… |
| CVE-2014-7204 | medium | — | 5.0 | | | | 12y ago | jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. |
| CVE-2014-6603 | medium | — | 5.0 | | | | 12y ago | The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other… |
| CVE-2014-3565 | medium | — | 5.0 | | | | 12y ago | snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conv… |
| CVE-2014-4869 | medium | — | 5.0 | | | | 12y ago | The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. |
| CVE-2014-1868 | medium | — | 5.0 | | | | 12y ago | Moderate severity vulnerability that affects org.restlet.jse:org.restlet |
| CVE-2014-3657 | medium | — | 5.0 | | | | 12y ago | The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadloc… |
| CVE-2014-3398 | medium | — | 5.0 | | | | 12y ago | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response dat… |
| CVE-2014-7278 | medium | — | 5.0 | | | | 12y ago | The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript co… |
| CVE-2014-4765 | medium | — | 5.0 | | | | 12y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Managem… |
| CVE-2014-3395 | medium | — | 5.0 | | | | 12y ago | Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. |
| CVE-2014-4728 | medium | — | 5.0 | | | | 12y ago | The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET r… |
| CVE-2014-6269 | medium | — | 5.0 | | | | 12y ago | Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream o… |
| CVE-2014-3558 | medium | — | 5.0 | | | | 12y ago | Improper Authentication in Hibernate Validator |
| CVE-2014-3380 | medium | — | 5.0 | | | | 12y ago | Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bu… |
| CVE-2014-3106 | medium | — | 5.0 | | | | 12y ago | IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to b… |
| CVE-2014-3105 | medium | — | 5.0 | | | | 12y ago | The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login at… |
| CVE-2014-3104 | medium | — | 5.0 | | | | 12y ago | IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document conta… |
| CVE-2014-3103 | medium | — | 5.0 | | | | 12y ago | The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes … |
| CVE-2014-3101 | medium | — | 5.0 | | | | 12y ago | The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, whic… |
| CVE-2014-3090 | medium | — | 5.0 | | | | 12y ago | IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document contai… |
| CVE-2014-5320 | medium | — | 5.0 | | | | 12y ago | The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. |
| CVE-2014-6432 | medium | — | 5.0 | | | | 12y ago | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operation… |
| CVE-2014-6431 | medium | — | 5.0 | | | | 12y ago | Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a … |
| CVE-2014-6430 | medium | — | 5.0 | | | | 12y ago | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote at… |