CVEs from 2014
Total
7,926
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.6%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-1340 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1325 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m… | |
| CVE-2014-3881 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2014-4030 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove play… | |
| CVE-2014-3882 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2014-3299 | medium | — | 6.8 | 12y ago | Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. | |
| CVE-2014-2005 | medium | 6.8 | 6.8 | 12y ago | Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically… | |
| CVE-2014-3883 | medium | — | 6.8 | 12y ago | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |
| CVE-2014-4333 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that co… | |
| CVE-2014-4155 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that … | |
| CVE-2014-3778 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of a… | |
| CVE-2014-4188 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote… | |
| CVE-2014-4163 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that … | |
| CVE-2014-4162 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change … | |
| CVE-2014-3850 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plug… | |
| CVE-2014-1542 | medium | — | 6.8 | 12y ago | Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel… | |
| CVE-2014-1778 | medium | — | 6.8 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulne… | |
| CVE-2014-1771 | medium | — | 6.8 | 12y ago | SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle … | |
| CVE-2014-0195 | medium | — | 6.8 | 12y ago | The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, w… | |
| CVE-2014-3836 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site script… | |
| CVE-2014-3466 | medium | — | 6.8 | 12y ago | Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (me… | |
| CVE-2014-2946 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentic… | |
| CVE-2014-3414 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a u… | |
| CVE-2014-2720 | medium | — | 6.8 | 12y ago | IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote… | |
| CVE-2014-0214 | medium | — | 6.8 | 12y ago | Moodle creates a MoodleMobile web-service token with an infinite lifetime | |
| CVE-2014-0213 | medium | — | 6.8 | 12y ago | Moodle multiple cross-site request forgery (CSRF) vulnerabilities | |
| CVE-2014-3866 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that c… | |
| CVE-2014-3015 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary use… | |
| CVE-2014-3267 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests tha… | |
| CVE-2014-1344 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1343 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1342 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1341 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1339 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1338 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1337 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1336 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1335 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1334 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1333 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1331 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1330 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1329 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1327 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1326 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1324 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1323 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-3845 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that… | |
| CVE-2014-3843 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vect… | |
| CVE-2014-0954 | medium | — | 6.8 | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obt… | |
| CVE-2014-3802 | medium | — | 6.8 | 12y ago | msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-… | |
| CVE-2014-3792 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change… | |
| CVE-2014-3460 | medium | — | 6.8 | 12y ago | Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently ex… | |
| CVE-2014-3269 | medium | — | 6.8 | 12y ago | The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. | |
| CVE-2014-2194 | medium | — | 6.8 | 12y ago | system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. | |
| CVE-2014-3760 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable o… | |
| CVE-2014-0933 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2014-1809 | medium | — | 6.8 | 12y ago | The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web … | |
| CVE-2014-2989 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrativ… | |
| CVE-2014-3455 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWik… | |
| CVE-2014-3454 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attac… | |
| CVE-2014-3115 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators vi… | |
| CVE-2014-0090 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. | |
| CVE-2014-2190 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbit… | |
| CVE-2014-2181 | medium | — | 6.8 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka… | |
| CVE-2014-2916 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a reques… | |
| CVE-2014-0469 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subje… | |
| CVE-2014-3006 | medium | — | 6.8 | 12y ago | Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account pa… | |
| CVE-2014-2186 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. | |
| CVE-2014-1526 | medium | — | 6.8 | 12y ago | The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is vis… | |
| CVE-2014-2383 | medium | — | 6.8 | 12y ago | DOMPDF Arbitrary File Read | |
| CVE-2014-2327 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by request… | |
| CVE-2014-1319 | medium | — | 6.8 | 12y ago | Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | |
| CVE-2014-1315 | medium | — | 6.8 | 12y ago | Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format st… | |
| CVE-2014-1295 | medium | — | 6.8 | 12y ago | Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation a… | |
| CVE-2014-2659 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified … | |
| CVE-2014-1615 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative … | |
| CVE-2014-2341 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |
| CVE-2014-1990 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen… | |
| CVE-2014-1984 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. | |
| CVE-2014-0054 | medium | — | 6.8 | 12y ago | Cross-Site Request Forgery in Spring Framework | |
| CVE-2014-2422 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |
| CVE-2014-0172 | medium | — | 6.8 | 12y ago | Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (ap… | |
| CVE-2014-2115 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary u… | |
| CVE-2014-2340 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create websit… | |
| CVE-2014-1313 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1312 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1311 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1310 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1309 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1308 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1307 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1305 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1304 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1302 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1301 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1299 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-1298 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |
| CVE-2014-2671 | medium | — | 6.8 | 12y ago | Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. | |
| CVE-2014-2525 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded cha… |