CVEs from 2014
- Total: 7,867
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2739 | medium | — | 4.6 | 12y ago | The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolve… | |||
| CVE-2014-0067 | medium | — | 4.6 | 12y ago | The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests… | |||
| CVE-2014-1265 | medium | — | 4.6 | 12y ago | The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||
| CVE-2014-2096 | medium | — | 4.6 | 12y ago | Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory. | |||
| CVE-2014-2095 | medium | — | 4.6 | 12y ago | Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under t… | |||
| CVE-2014-2094 | medium | — | 4.6 | 12y ago | Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the curren… | |||
| CVE-2014-2093 | medium | — | 4.6 | 12y ago | Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory. | |||
| CVE-2014-2019 | medium | 4.6 | 4.6 | 13y ago | The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account act… | |||
| CVE-2014-1950 | medium | — | 4.6 | 13y ago | Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, w… | |||
| CVE-2014-9311 | low | — | 4.5 | 11y ago | Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[… | |||
| CVE-2014-9224 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec … | |||
| CVE-2014-9434 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via … | |||
| CVE-2014-9098 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users… | |||
| CVE-2014-2021 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a c… | |||
| CVE-2014-5276 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture… | |||
| CVE-2014-2995 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML vi… | |||
| CVE-2014-3740 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the porta… | |||
| CVE-2014-3544 | low | — | 4.5 | 12y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2014-0894 | low | — | 4.5 | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and Db… | |||
| CVE-2014-0910 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject… | |||
| CVE-2014-3840 | low | — | 4.5 | 12y ago | Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2014-2091 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title p… | |||
| CVE-2014-2090 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title para… | |||
| CVE-2014-0334 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) t… | |||
| CVE-2014-9227 | medium | — | 4.4 | 11y ago | Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecifi… | |||
| CVE-2014-8390 | medium | — | 4.4 | 11y ago | Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | |||
| CVE-2014-8169 | medium | — | 4.4 | 11y ago | automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped pro… | |||
| CVE-2014-8120 | medium | — | 4.4 | 12y ago | The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown ve… | |||
| CVE-2014-9065 | medium | — | 4.4 | 12y ago | common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and hos… | |||
| CVE-2014-1929 | medium | — | 4.4 | 12y ago | python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists b… | |||
| CVE-2014-4444 | medium | — | 4.4 | 12y ago | SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by lev… | |||
| CVE-2014-4435 | medium | — | 4.4 | 12y ago | The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access v… | |||
| CVE-2014-4284 | medium | — | 4.4 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than… | |||
| CVE-2014-3566 | low | 3.4 | 4.4 | 12y ago | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a pad… | |||
| CVE-2014-3635 | medium | — | 4.4 | 12y ago | Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to c… | |||
| CVE-2014-3910 | medium | — | 4.4 | 12y ago | Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension. | |||
| CVE-2014-3251 | medium | — | 4.4 | 12y ago | The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allo… | |||
| CVE-2014-4228 | medium | — | 4.4 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and avai… | |||
| CVE-2014-4038 | medium | — | 4.4 | 12y ago | ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/… | |||
| CVE-2014-1402 | medium | — | 4.4 | 12y ago | The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file wi… | |||
| CVE-2014-0012 | medium | — | 4.4 | 12y ago | FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: thi… | |||
| CVE-2014-1347 | medium | — | 4.4 | 12y ago | Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary u… | |||
| CVE-2014-3204 | medium | — | 4.4 | 12y ago | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demo… | |||
| CVE-2014-3203 | medium | — | 4.4 | 12y ago | Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and ex… | |||
| CVE-2014-3202 | medium | — | 4.4 | 12y ago | Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. | |||
| CVE-2014-1932 | medium | — | 4.4 | 12y ago | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (… | |||
| CVE-2014-2441 | medium | — | 4.4 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and avai… | |||
| CVE-2014-2580 | medium | — | 4.4 | 12y ago | The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" e… | |||
| CVE-2014-1839 | medium | — | 4.4 | 12y ago | The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. | |||
| CVE-2014-1838 | medium | — | 4.4 | 12y ago | The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via … | |||
| CVE-2014-0819 | medium | — | 4.4 | 12y ago | Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||
| CVE-2014-1876 | medium | — | 4.4 | 13y ago | The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not secu… | |||
| CVE-2014-0039 | medium | — | 4.4 | 13y ago | Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory. | |||
| CVE-2014-1642 | medium | — | 4.4 | 13y ago | The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest… | |||
| CVE-2014-3995 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2014-3497 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. | |||
| CVE-2014-4301 | medium | — | 4.3 | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-7144 | medium | — | 4.3 | 4y ago | OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (pa… | |||
| CVE-2014-0481 | medium | — | 4.3 | 4y ago | The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generatio… | |||
| CVE-2014-9767 | medium | 4.3 | 4.3 | 10y ago | Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before … | |||
| CVE-2014-6276 | medium | 4.3 | 4.3 | 10y ago | schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing… | |||
| CVE-2014-6616 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2014-3148 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid OKWS (OK Web Server) allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to a non-existent page, whi… | |||
| CVE-2014-2570 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||
| CVE-2014-9743 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary … | |||
| CVE-2014-8155 | medium | — | 4.3 | 11y ago | GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate tha… | |||
| CVE-2014-0611 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2014-9741 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2014-9738 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script… | |||
| CVE-2014-3653 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template. | |||
| CVE-2014-9230 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2014-9732 | medium | — | 4.3 | 11y ago | The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attacke… | |||
| CVE-2014-9721 | medium | — | 4.3 | 11y ago | libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | |||
| CVE-2014-4778 | medium | — | 4.3 | 11y ago | IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which a… | |||
| CVE-2014-9326 | medium | — | 4.3 | 11y ago | The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and P… | |||
| CVE-2014-8619 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2014-8618 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-8616 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group … | |||
| CVE-2014-9716 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name. | |||
| CVE-2014-9714 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2014-9711 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Any… | |||
| CVE-2014-8617 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 … | |||
| CVE-2014-7896 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered… | |||
| CVE-2014-8921 | medium | — | 4.3 | 11y ago | The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the a… | |||
| CVE-2014-9685 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7922 | medium | — | 4.3 | 11y ago | The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, whic… | |||
| CVE-2014-9468 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the S… | |||
| CVE-2014-6301 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecifi… | |||
| CVE-2014-6113 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2014-8911 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2014-4804 | medium | — | 4.3 | 12y ago | Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion i… | |||
| CVE-2014-8122 | medium | — | 4.3 | 12y ago | Information disclosure in JBoss Weld | |||
| CVE-2014-8110 | medium | — | 4.3 | 12y ago | Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ | |||
| CVE-2014-3365 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the… | |||
| CVE-2014-2153 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID … | |||
| CVE-2014-2147 | medium | — | 4.3 | 12y ago | The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspe… | |||
| CVE-2014-6362 | medium | — | 4.3 | 12y ago | Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Offic… | |||
| CVE-2014-9671 | medium | — | 4.3 | 12y ago | Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via… | |||
| CVE-2014-9670 | medium | — | 4.3 | 12y ago | Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dere… | |||
| CVE-2014-9562 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows remote attackers to inject arbitrary web script or HTML via the image parameter. |