CVEs from 2014
- Total: 7,867
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4220 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. |
| CVE-2014-4218 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. |
| CVE-2014-4211 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect integrity via unknown vectors related to Portlet… |
| CVE-2014-4210 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web … |
| CVE-2014-4202 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors rel… |
| CVE-2014-4201 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WL… |
| CVE-2014-4347 | medium | — | 5.0 | | | | 12y ago | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensit… |
| CVE-2014-3777 | medium | — | 5.0 | | | | 12y ago | Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter. |
| CVE-2014-2605 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2014-1474 | medium | — | 5.0 | | | | 12y ago | Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string withou… |
| CVE-2014-4942 | medium | — | 5.0 | | | | 12y ago | The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo functio… |
| CVE-2014-4941 | medium | — | 5.0 | | | | 12y ago | Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. |
| CVE-2014-3503 | medium | — | 5.0 | | | | 12y ago | Apache Syncope uses a weak PRNG |
| CVE-2014-3309 | medium | — | 5.0 | | | | 12y ago | The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions … |
| CVE-2014-3481 | medium | — | 5.0 | | | | 12y ago | org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary … |
| CVE-2014-0180 | medium | — | 5.0 | | | | 12y ago | The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinit… |
| CVE-2014-0860 | medium | — | 5.0 | | | | 12y ago | The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Manag… |
| CVE-2014-4720 | medium | — | 5.0 | | | | 12y ago | Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking i… |
| CVE-2014-4168 | medium | — | 5.0 | | | | 12y ago | (1) iodined.c and (2) user.c in iodine before 0.7.0 allow remote attackers to bypass authentication by continuing execution after an error has been triggered. |
| CVE-2014-0477 | medium | — | 5.0 | | | | 12y ago | The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quo… |
| CVE-2014-3538 | medium | — | 5.0 | | | | 12y ago | file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that trigger… |
| CVE-2014-4715 | medium | — | 5.0 | | | | 12y ago | Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to caus… |
| CVE-2014-4667 | medium | — | 5.0 | | | | 12y ago | The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of servi… |
| CVE-2014-4611 | medium | — | 5.0 | | | | 12y ago | Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bi… |
| CVE-2014-3890 | medium | — | 5.0 | | | | 12y ago | silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889. |
| CVE-2014-3889 | medium | — | 5.0 | | | | 12y ago | silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnera… |
| CVE-2014-4690 | medium | — | 5.0 | | | | 12y ago | Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow … |
| CVE-2014-4689 | medium | — | 5.0 | | | | 12y ago | Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter. |
| CVE-2014-3066 | medium | — | 5.0 | | | | 12y ago | IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, relat… |
| CVE-2014-1361 | medium | — | 5.0 | | | | 12y ago | Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attacke… |
| CVE-2014-2612 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sens… |
| CVE-2014-0891 | medium | — | 5.0 | | | | 12y ago | IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request ha… |
| CVE-2014-3011 | medium | — | 5.0 | | | | 12y ago | IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. |
| CVE-2014-4617 | medium | — | 5.0 | | | | 12y ago | The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed … |
| CVE-2014-4193 | medium | — | 5.0 | | | | 12y ago | The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers … |
| CVE-2014-4192 | medium | — | 5.0 | | | | 12y ago | The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cache… |
| CVE-2014-4191 | medium | — | 5.0 | | | | 12y ago | The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers t… |
| CVE-2014-4040 | medium | — | 5.0 | | | | 12y ago | snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passw… |
| CVE-2014-4047 | medium | — | 5.0 | | | | 12y ago | Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a… |
| CVE-2014-4044 | medium | — | 5.0 | | | | 12y ago | OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors rela… |
| CVE-2014-3249 | medium | — | 5.0 | | | | 12y ago | Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. |
| CVE-2014-2004 | medium | — | 5.0 | | | | 12y ago | The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00 through 4.50, SEIL/X2 routers 1.00 through 4.50, SEIL/B1 routers 1.00 through 4.50, SEIL/Turbo rou… |
| CVE-2014-0186 | medium | — | 5.0 | | | | 12y ago | A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerabil… |
| CVE-2014-3812 | medium | — | 5.0 | | | | 12y ago | The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cip… |
| CVE-2014-3859 | medium | — | 5.0 | | | | 12y ago | libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet,… |
| CVE-2014-3155 | medium | — | 5.0 | | | | 12y ago | net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue m… |
| CVE-2014-1539 | medium | — | 5.0 | | | | 12y ago | Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attac… |
| CVE-2014-1811 | medium | — | 5.0 | | | | 12y ago | The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows r… |
| CVE-2014-3465 | medium | — | 5.0 | | | | 12y ago | The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cra… |
| CVE-2014-4012 | medium | — | 5.0 | | | | 12y ago | SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4011 | medium | — | 5.0 | | | | 12y ago | SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4010 | medium | — | 5.0 | | | | 12y ago | SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4009 | medium | — | 5.0 | | | | 12y ago | SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4008 | medium | — | 5.0 | | | | 12y ago | SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4007 | medium | — | 5.0 | | | | 12y ago | The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4006 | medium | — | 5.0 | | | | 12y ago | The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4005 | medium | — | 5.0 | | | | 12y ago | SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-4004 | medium | — | 5.0 | | | | 12y ago | The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2014-3286 | medium | — | 5.0 | | | | 12y ago | The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs … |
| CVE-2014-3281 | medium | — | 5.0 | | | | 12y ago | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user informati… |
| CVE-2014-3278 | medium | — | 5.0 | | | | 12y ago | The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecifi… |
| CVE-2014-3469 | medium | — | 5.0 | | | | 12y ago | The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NU… |
| CVE-2014-3467 | medium | — | 5.0 | | | | 12y ago | Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. |
| CVE-2014-3941 | medium | — | 5.0 | | | | 12y ago | Typo3 Host Header Spoofing Vulnerability |
| CVE-2014-3925 | medium | — | 5.0 | | | | 12y ago | sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing th… |
| CVE-2014-0238 | medium | — | 5.0 | | | | 12y ago | The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bound… |
| CVE-2014-0237 | medium | — | 5.0 | | | | 12y ago | The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by … |
| CVE-2014-0095 | medium | — | 5.0 | | | | 12y ago | Denial of service in Apache Tomcat |
| CVE-2014-0075 | medium | — | 5.0 | | | | 12y ago | Integer Overflow or Wraparound in Apache Tomcat |
| CVE-2014-3285 | medium | — | 5.0 | | | | 12y ago | Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denia… |
| CVE-2014-3279 | medium | — | 5.0 | | | | 12y ago | The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers … |
| CVE-2014-0239 | medium | — | 5.0 | | | | 12y ago | The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a den… |
| CVE-2014-0216 | medium | — | 5.0 | | | | 12y ago | Moodle does not properly restrict file access |
| CVE-2014-3867 | medium | — | 5.0 | | | | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote at… |
| CVE-2014-1346 | medium | — | 5.0 | | | | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restr… |
| CVE-2014-3844 | medium | — | 5.0 | | | | 12y ago | The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these det… |
| CVE-2014-2604 | medium | — | 5.0 | | | | 12y ago | Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2014-0949 | medium | — | 5.0 | | | | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consu… |
| CVE-2014-1748 | medium | — | 5.0 | | | | 12y ago | The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into … |
| CVE-2014-1746 | medium | — | 5.0 | | | | 12y ago | The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attack… |
| CVE-2014-3271 | medium | — | 5.0 | | | | 12y ago | The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149. |
| CVE-2014-3270 | medium | — | 5.0 | | | | 12y ago | The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924. |
| CVE-2014-3268 | medium | — | 5.0 | | | | 12y ago | Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packet… |
| CVE-2014-2199 | medium | — | 5.0 | | | | 12y ago | meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27… |
| CVE-2014-3787 | medium | — | 5.0 | | | | 12y ago | SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. |
| CVE-2014-3742 | medium | — | 5.0 | | | | 12y ago | File Descriptor Leak Can Cause DoS Vulnerability in hapi |
| CVE-2014-3430 | medium | — | 5.0 | | | | 12y ago | Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consum… |
| CVE-2014-0256 | medium | — | 5.0 | | | | 12y ago | Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote … |
| CVE-2014-0255 | medium | — | 5.0 | | | | 12y ago | Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target … |
| CVE-2014-3225 | medium | — | 5.0 | | | | 12y ago | Cobbler Path Traversal vulnerability |
| CVE-2014-2301 | medium | — | 5.0 | | | | 12y ago | OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/. |
| CVE-2014-3214 | medium | — | 5.0 | | | | 12y ago | The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a… |
| CVE-2014-0192 | medium | — | 5.0 | | | | 12y ago | Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "s… |
| CVE-2014-2933 | medium | — | 5.0 | | | | 12y ago | Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. |
| CVE-2014-2891 | medium | — | 5.0 | | | | 12y ago | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. |
| CVE-2014-0685 | medium | — | 5.0 | | | | 12y ago | Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. |
| CVE-2014-0193 | medium | — | 5.0 | | | | 12y ago | Netty denial of service vulnerability |
| CVE-2014-0859 | medium | — | 5.0 | | | | 12y ago | The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a de… |
| CVE-2014-3133 | medium | — | 5.0 | | | | 12y ago | SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to … |
| CVE-2014-3129 | medium | — | 5.0 | | | | 12y ago | The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. |