CVEs from 2014
Total
7,867
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6429 | medium | — | 5.0 | 12y ago | The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allow… | |||
| CVE-2014-6428 | medium | — | 5.0 | 12y ago | The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote … | |||
| CVE-2014-6427 | medium | — | 5.0 | 12y ago | Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to… | |||
| CVE-2014-6426 | medium | — | 5.0 | 12y ago | The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a deni… | |||
| CVE-2014-6425 | medium | — | 5.0 | 12y ago | The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of se… | |||
| CVE-2014-6424 | medium | — | 5.0 | 12y ago | The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start vari… | |||
| CVE-2014-6423 | medium | — | 5.0 | 12y ago | The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of servi… | |||
| CVE-2014-6422 | medium | — | 5.0 | 12y ago | The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted pac… | |||
| CVE-2014-6421 | medium | — | 5.0 | 12y ago | Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split… | |||
| CVE-2014-3378 | medium | — | 5.0 | 12y ago | tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | |||
| CVE-2014-3376 | medium | — | 5.0 | 12y ago | Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | |||
| CVE-2014-3614 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. | |||
| CVE-2014-4374 | medium | — | 5.0 | 12y ago | NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an … | |||
| CVE-2014-4366 | medium | — | 5.0 | 12y ago | Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2014-4363 | medium | — | 5.0 | 12y ago | Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web… | |||
| CVE-2014-4362 | medium | — | 5.0 | 12y ago | The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted… | |||
| CVE-2014-4361 | medium | — | 5.0 | 12y ago | The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a c… | |||
| CVE-2014-3796 | medium | — | 5.0 | 12y ago | VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive informatio… | |||
| CVE-2014-2377 | medium | — | 5.0 | 12y ago | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | |||
| CVE-2014-3092 | medium | — | 5.0 | 12y ago | IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, … | |||
| CVE-2014-3985 | medium | — | 5.0 | 12y ago | The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. | |||
| CVE-2014-3609 | medium | — | 5.0 | 12y ago | HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range… | |||
| CVE-2014-4788 | medium | — | 5.0 | 12y ago | IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fiel… | |||
| CVE-2014-3348 | medium | — | 5.0 | 12y ago | The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) v… | |||
| CVE-2014-0909 | medium | — | 5.0 | 12y ago | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier f… | |||
| CVE-2014-4072 | medium | — | 5.0 | 12y ago | Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of servic… | |||
| CVE-2014-4071 | medium | — | 5.0 | 12y ago | The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerabili… | |||
| CVE-2014-4068 | medium | — | 5.0 | 12y ago | The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of ser… | |||
| CVE-2014-5256 | medium | — | 5.0 | 12y ago | Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote… | |||
| CVE-2014-4862 | medium | — | 5.0 | 12y ago | The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an S… | |||
| CVE-2014-0877 | medium | — | 5.0 | 12y ago | IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link. | |||
| CVE-2014-5461 | medium | — | 5.0 | 12y ago | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a fun… | |||
| CVE-2014-5269 | medium | — | 5.0 | 12y ago | Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a c… | |||
| CVE-2014-1565 | medium | — | 5.0 | 12y ago | The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly crea… | |||
| CVE-2014-5137 | medium | — | 5.0 | 12y ago | Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate ac… | |||
| CVE-2014-5128 | medium | — | 5.0 | 12y ago | Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2014-3351 | medium | — | 5.0 | 12y ago | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive informati… | |||
| CVE-2014-3345 | medium | — | 5.0 | 12y ago | The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which … | |||
| CVE-2014-3174 | medium | — | 5.0 | 12y ago | modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to updat… | |||
| CVE-2014-3173 | medium | — | 5.0 | 12y ago | The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of se… | |||
| CVE-2014-3589 | medium | — | 5.0 | 12y ago | PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. | |||
| CVE-2014-3436 | medium | — | 5.0 | 12y ago | Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted e… | |||
| CVE-2014-3083 | medium | — | 5.0 | 12y ago | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensi… | |||
| CVE-2014-3070 | medium | — | 5.0 | 12y ago | The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, whic… | |||
| CVE-2014-5385 | medium | — | 5.0 | 12y ago | com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess password… | |||
| CVE-2014-5384 | medium | — | 5.0 | 12y ago | The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to… | |||
| CVE-2014-3951 | medium | — | 5.0 | 12y ago | The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the… | |||
| CVE-2014-3562 | medium | — | 5.0 | 12y ago | Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. | |||
| CVE-2014-4615 | medium | — | 5.0 | 12y ago | The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Osl… | |||
| CVE-2014-3341 | medium | — | 5.0 | 12y ago | The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remo… | |||
| CVE-2014-5265 | medium | — | 5.0 | 12y ago | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion,… | |||
| CVE-2014-4775 | medium | — | 5.0 | 12y ago | IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before… | |||
| CVE-2014-3507 | medium | — | 5.0 | 12y ago | Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumpt… | |||
| CVE-2014-3506 | medium | — | 5.0 | 12y ago | d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafte… | |||
| CVE-2014-3505 | medium | — | 5.0 | 12y ago | Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (a… | |||
| CVE-2014-1222 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter… | |||
| CVE-2014-4746 | medium | — | 5.0 | 12y ago | IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote… | |||
| CVE-2014-3330 | medium | — | 5.0 | 12y ago | Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly process packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions via a flood… | |||
| CVE-2014-3076 | medium | — | 5.0 | 12y ago | IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page. | |||
| CVE-2014-3855 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||
| CVE-2014-3853 | medium | — | 5.0 | 12y ago | Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http sess… | |||
| CVE-2014-3852 | medium | — | 5.0 | 12y ago | Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to t… | |||
| CVE-2014-5187 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. | |||
| CVE-2014-5181 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snod… | |||
| CVE-2014-5165 | medium | — | 5.0 | 12y ago | The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows rem… | |||
| CVE-2014-5164 | medium | — | 5.0 | 12y ago | The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows r… | |||
| CVE-2014-5163 | medium | — | 5.0 | 12y ago | The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not complete… | |||
| CVE-2014-5162 | medium | — | 5.0 | 12y ago | The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote atta… | |||
| CVE-2014-5161 | medium | — | 5.0 | 12y ago | The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial… | |||
| CVE-2014-5173 | medium | — | 5.0 | 12y ago | SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. | |||
| CVE-2014-3488 | medium | — | 5.0 | 12y ago | Denial of service in Netty | |||
| CVE-2014-3056 | medium | — | 5.0 | 12y ago | The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR v… | |||
| CVE-2014-5031 | medium | — | 5.0 | 12y ago | The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. | |||
| CVE-2014-3546 | medium | — | 5.0 | 12y ago | Moodle allows attackers to obtain username and course information | |||
| CVE-2014-3304 | medium | — | 5.0 | 12y ago | The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | |||
| CVE-2014-5107 | medium | — | 5.0 | 12y ago | concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations… | |||
| CVE-2014-2966 | medium | — | 5.0 | 12y ago | The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demo… | |||
| CVE-2014-3328 | medium | — | 5.0 | 12y ago | The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. | |||
| CVE-2014-3301 | medium | — | 5.0 | 12y ago | The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bu… | |||
| CVE-2014-5015 | medium | — | 5.0 | 12y ago | bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme an… | |||
| CVE-2014-4682 | medium | — | 5.0 | 12y ago | The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | |||
| CVE-2014-2360 | medium | — | 5.0 | 12y ago | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. | |||
| CVE-2014-4980 | medium | — | 5.0 | 12y ago | The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. | |||
| CVE-2014-5019 | medium | — | 5.0 | 12y ago | The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration fil… | |||
| CVE-2014-4911 | medium | — | 5.0 | 12y ago | The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersu… | |||
| CVE-2014-4342 | medium | — | 5.0 | 12y ago | MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting in… | |||
| CVE-2014-4341 | medium | — | 5.0 | 12y ago | MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. | |||
| CVE-2014-3523 | medium | — | 5.0 | 12y ago | Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote… | |||
| CVE-2014-3162 | medium | — | 5.0 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-1973 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | |||
| CVE-2014-0231 | medium | — | 5.0 | 12y ago | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script … | |||
| CVE-2014-4271 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect availability via unknown vectors related to Agent. | |||
| CVE-2014-4268 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. | |||
| CVE-2014-4266 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. | |||
| CVE-2014-4265 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment. | |||
| CVE-2014-4264 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. | |||
| CVE-2014-4253 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors rel… | |||
| CVE-2014-4252 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. | |||
| CVE-2014-4249 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service. | |||
| CVE-2014-4234 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confi… |