CVEs from 2014
Total
7,919
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.6%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-3451 | high | 7.5 | 7.5 | 9y ago | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | |
| CVE-2014-3462 | high | 7.5 | 7.5 | 9y ago | The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". | |
| CVE-2014-6354 | high | 7.5 | 7.5 | 9y ago | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code. | |
| CVE-2014-7919 | high | 7.5 | 7.5 | 9y ago | b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). | |
| CVE-2014-9970 | high | 7.5 | 7.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt | |
| CVE-2014-2960 | high | 7.5 | 7.5 | 9y ago | Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. | |
| CVE-2014-3930 | high | 7.5 | 7.5 | 9y ago | lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentia… | |
| CVE-2014-3929 | high | 7.5 | 7.5 | 9y ago | The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. | |
| CVE-2014-1677 | high | 7.5 | 7.5 | 9y ago | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |
| CVE-2014-9692 | high | 7.5 | 7.5 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |
| CVE-2014-9690 | high | 7.5 | 7.5 | 9y ago | Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generato… | |
| CVE-2014-8572 | high | 7.5 | 7.5 | 9y ago | Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earli… | |
| CVE-2014-4706 | high | 7.5 | 7.5 | 9y ago | Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C0… | |
| CVE-2014-3224 | high | 7.5 | 7.5 | 9y ago | Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SP… | |
| CVE-2014-3223 | high | 7.5 | 7.5 | 9y ago | Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packe… | |
| CVE-2014-3221 | high | 7.5 | 7.5 | 9y ago | Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets … | |
| CVE-2014-9804 | high | 7.5 | 7.5 | 9y ago | vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." | |
| CVE-2014-9839 | high | 7.5 | 7.5 | 9y ago | magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | |
| CVE-2014-9851 | high | 7.5 | 7.5 | 9y ago | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | |
| CVE-2014-9850 | high | 7.5 | 7.5 | 9y ago | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | |
| CVE-2014-9849 | high | 7.5 | 7.5 | 9y ago | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | |
| CVE-2014-9848 | high | 7.5 | 7.5 | 9y ago | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | |
| CVE-2014-9842 | high | 7.5 | 7.5 | 9y ago | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |
| CVE-2014-9854 | high | 7.5 | 7.5 | 9y ago | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | |
| CVE-2014-8722 | high | 7.5 | 7.5 | 9y ago | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.x… | |
| CVE-2014-8701 | high | 7.5 | 7.5 | 9y ago | Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | |
| CVE-2014-8688 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file. | |
| CVE-2014-9755 | high | 7.5 | 7.5 | 10y ago | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before… | |
| CVE-2014-9901 | high | 7.5 | 7.5 | 10y ago | The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via… | |
| CVE-2014-9773 | high | 7.5 | 7.5 | 10y ago | modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. | |
| CVE-2014-9747 | high | 7.5 | 7.5 | 10y ago | The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial o… | |
| CVE-2014-0236 | high | 7.5 | 7.5 | 10y ago | file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage … | |
| CVE-2014-9771 | high | 7.5 | 7.5 | 10y ago | Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. | |
| CVE-2014-9764 | high | 7.5 | 7.5 | 10y ago | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. | |
| CVE-2014-9763 | high | 7.5 | 7.5 | 10y ago | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file. | |
| CVE-2014-9762 | high | 7.5 | 7.5 | 10y ago | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. | |
| CVE-2014-9742 | high | 7.5 | 7.5 | 10y ago | The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection me… | |
| CVE-2014-3260 | high | 7.5 | 7.5 | 11y ago | Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography. | |
| CVE-2014-9651 | high | — | 7.5 | 11y ago | Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures… | |
| CVE-2014-6272 | high | — | 7.5 | 11y ago | Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or poss… | |
| CVE-2014-3612 | high | — | 7.5 | 11y ago | Improper Authentication in Apache WSS4J | |
| CVE-2014-3576 | high | 7.5 | 7.5 | 11y ago | Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ | |
| CVE-2014-9735 | high | — | 7.5 | 11y ago | The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX function… | |
| CVE-2014-4882 | high | — | 7.5 | 11y ago | Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request. | |
| CVE-2014-8176 | high | — | 7.5 | 11y ago | The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive betw… | |
| CVE-2014-6284 | high | — | 7.5 | 11y ago | SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a cr… | |
| CVE-2014-8147 | high | — | 7.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type… | |
| CVE-2014-8146 | high | — | 7.5 | 11y ago | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track d… | |
| CVE-2014-8162 | high | — | 7.5 | 11y ago | XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified imp… | |
| CVE-2014-8125 | high | — | 7.5 | 11y ago | Improper Input Validation in Drools and jBPM | |
| CVE-2014-5370 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbit… | |
| CVE-2014-8360 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item typ… | |
| CVE-2014-9145 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, o… | |
| CVE-2014-9707 | high | — | 7.5 | 11y ago | EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (… | |
| CVE-2014-2027 | high | — | 7.5 | 11y ago | eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans pa… | |
| CVE-2014-9705 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute ar… | |
| CVE-2014-9653 | high | — | 7.5 | 11y ago | readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of … | |
| CVE-2014-9205 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote at… | |
| CVE-2014-9566 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 1… | |
| CVE-2014-3691 | high | — | 7.5 | 11y ago | Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and … | |
| CVE-2014-9688 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | |
| CVE-2014-3682 | high | — | 7.5 | 11y ago | XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read ar… | |
| CVE-2014-9674 | high | — | 7.5 | 12y ago | The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a de… | |
| CVE-2014-9668 | high | — | 7.5 | 12y ago | The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of se… | |
| CVE-2014-9665 | high | — | 7.5 | 12y ago | The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer over… | |
| CVE-2014-9663 | high | — | 7.5 | 12y ago | The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a … | |
| CVE-2014-9662 | high | — | 7.5 | 12y ago | cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or poss… | |
| CVE-2014-9661 | high | — | 7.5 | 12y ago | type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) o… | |
| CVE-2014-9660 | high | — | 7.5 | 12y ago | The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer der… | |
| CVE-2014-9659 | high | — | 7.5 | 12y ago | cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code… | |
| CVE-2014-9658 | high | — | 7.5 | 12y ago | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or… | |
| CVE-2014-9657 | high | — | 7.5 | 12y ago | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read)… | |
| CVE-2014-9656 | high | — | 7.5 | 12y ago | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-b… | |
| CVE-2014-7864 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attacke… | |
| CVE-2014-9633 | high | — | 7.5 | 12y ago | The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |
| CVE-2014-9328 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." | |
| CVE-2014-9200 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANope… | |
| CVE-2014-8829 | high | — | 7.5 | 12y ago | SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | |
| CVE-2014-8828 | high | — | 7.5 | 12y ago | Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. | |
| CVE-2014-4493 | high | — | 7.5 | 12y ago | The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution cer… | |
| CVE-2014-4492 | high | — | 7.5 | 12y ago | libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary… | |
| CVE-2014-4485 | high | — | 7.5 | 12y ago | Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of … | |
| CVE-2014-4484 | high | — | 7.5 | 12y ago | FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic… | |
| CVE-2014-8154 | high | — | 7.5 | 12y ago | The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash… | |
| CVE-2014-9572 | high | — | 7.5 | 12y ago | MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with t… | |
| CVE-2014-7942 | high | — | 7.5 | 12y ago | The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified … | |
| CVE-2014-7940 | high | — | 7.5 | 12y ago | The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for… | |
| CVE-2014-7938 | high | — | 7.5 | 12y ago | The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |
| CVE-2014-7937 | high | — | 7.5 | 12y ago | Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or poss… | |
| CVE-2014-7935 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly… | |
| CVE-2014-7934 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other … | |
| CVE-2014-7933 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a d… | |
| CVE-2014-7932 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause… | |
| CVE-2014-7931 | high | — | 7.5 | 12y ago | factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted J… | |
| CVE-2014-7930 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of se… | |
| CVE-2014-7929 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.9… | |
| CVE-2014-7928 | high | — | 7.5 | 12y ago | hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or poss… | |
| CVE-2014-7927 | high | — | 7.5 | 12y ago | The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allow… | |
| CVE-2014-7926 | high | — | 7.5 | 12y ago | The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of… | |
| CVE-2014-7925 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified o… |