CVEs from 2014
Total
7,866
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8293 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMG_signin_topic parameter to index.php. | |||
| CVE-2014-3681 | medium | — | 4.3 | 12y ago | Jenkins Cross-site Scripting vulnerability | |||
| CVE-2014-4140 | medium | — | 4.3 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||
| CVE-2014-4122 | medium | — | 4.3 | 12y ago | Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging th… | |||
| CVE-2014-4075 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a cr… | |||
| CVE-2014-1584 | medium | — | 4.3 | 12y ago | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an … | |||
| CVE-2014-1582 | medium | — | 4.3 | 12y ago | The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which a… | |||
| CVE-2014-0571 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers t… | |||
| CVE-2014-8765 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script … | |||
| CVE-2014-8069 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pagekit CMS 0.8.7 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to index.php/user or (2… | |||
| CVE-2014-6313 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports … | |||
| CVE-2014-8747 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content c… | |||
| CVE-2014-1573 | medium | — | 4.3 | 12y ago | Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters,… | |||
| CVE-2014-7139 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbi… | |||
| CVE-2014-6315 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) c… | |||
| CVE-2014-6243 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ew… | |||
| CVE-2014-4737 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php. | |||
| CVE-2014-3678 | medium | — | 4.3 | 12y ago | Jenkins Monitoring Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2014-3393 | medium | — | 4.3 | 12y ago | The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.… | |||
| CVE-2014-6439 | medium | — | 4.3 | 12y ago | Cross-site scripting in Elasticsearch | |||
| CVE-2014-4661 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3404 | medium | — | 4.3 | 12y ago | The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted … | |||
| CVE-2014-7983 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7982 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7203 | medium | — | 4.3 | 12y ago | libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. | |||
| CVE-2014-7202 | medium | — | 4.3 | 12y ago | stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. | |||
| CVE-2014-6631 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-7189 | medium | — | 4.3 | 12y ago | Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls | |||
| CVE-2014-4871 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script … | |||
| CVE-2014-0940 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via v… | |||
| CVE-2014-4510 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2014-1224 | medium | — | 4.3 | 12y ago | Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attac… | |||
| CVE-2014-6054 | medium | — | 4.3 | 12y ago | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) v… | |||
| CVE-2014-2644 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2014-2645 | medium | — | 4.3 | 12y ago | HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. | |||
| CVE-2014-7277 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2014-6297 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6296 | medium | — | 4.3 | 12y ago | WEC Map (wec_map) extension for TYPO3 allows Cross-site Scripting | |||
| CVE-2014-6294 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via uns… | |||
| CVE-2014-6291 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2014-6079 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Acc… | |||
| CVE-2014-7157 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch. | |||
| CVE-2014-3097 | medium | — | 4.3 | 12y ago | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remot… | |||
| CVE-2014-2642 | medium | — | 4.3 | 12y ago | HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2014-2640 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6618 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter. | |||
| CVE-2014-4727 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbi… | |||
| CVE-2014-7199 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG … | |||
| CVE-2014-5444 | medium | — | 4.3 | 12y ago | Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted cer… | |||
| CVE-2014-0170 | medium | — | 4.3 | 12y ago | Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM… | |||
| CVE-2014-3824 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 al… | |||
| CVE-2014-3823 | medium | — | 4.3 | 12y ago | The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspe… | |||
| CVE-2014-3820 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 befo… | |||
| CVE-2014-7152 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options actio… | |||
| CVE-2014-6445 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web scrip… | |||
| CVE-2014-4958 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2014-5315 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2014-3595 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s… | |||
| CVE-2014-5322 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2014-5316 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page. | |||
| CVE-2014-3367 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified … | |||
| CVE-2014-5317 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers t… | |||
| CVE-2014-4826 | medium | — | 4.3 | 12y ago | IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||
| CVE-2014-4820 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4423 | medium | — | 4.3 | 12y ago | The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | |||
| CVE-2014-4409 | medium | — | 4.3 | 12y ago | WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during nor… | |||
| CVE-2014-4383 | medium | — | 4.3 | 12y ago | The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. | |||
| CVE-2014-4353 | medium | — | 4.3 | 12y ago | Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS. | |||
| CVE-2014-5235 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-5234 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2014-0562 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2014-6392 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename ext… | |||
| CVE-2014-5259 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2014-4735 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php. | |||
| CVE-2014-5391 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web scri… | |||
| CVE-2014-5129 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-6240 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecif… | |||
| CVE-2014-6238 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2014-6234 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecif… | |||
| CVE-2014-4784 | medium | — | 4.3 | 12y ago | IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remo… | |||
| CVE-2014-3343 | medium | — | 4.3 | 12y ago | Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. | |||
| CVE-2014-4070 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Inf… | |||
| CVE-2014-5369 | medium | — | 4.3 | 12y ago | Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the n… | |||
| CVE-2014-0153 | medium | — | 4.3 | 12y ago | The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page. | |||
| CVE-2014-2379 | medium | — | 4.3 | 12y ago | Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transm… | |||
| CVE-2014-3574 | medium | — | 4.3 | 12y ago | Improper Input Validation in Apache POI | |||
| CVE-2014-3529 | medium | — | 4.3 | 12y ago | Improper Restriction of XML External Entity Reference in Apache POI | |||
| CVE-2014-1566 | medium | — | 4.3 | 12y ago | Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from … | |||
| CVE-2014-5136 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2014-5452 | medium | — | 4.3 | 12y ago | CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document co… | |||
| CVE-2014-5076 | medium | — | 4.3 | 12y ago | The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banki… | |||
| CVE-2014-3862 | medium | — | 4.3 | 12y ago | CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in i… | |||
| CVE-2014-3861 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody ele… | |||
| CVE-2014-3601 | medium | — | 4.3 | 12y ago | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) … | |||
| CVE-2014-3352 | medium | — | 4.3 | 12y ago | Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obt… | |||
| CVE-2014-5147 | medium | — | 4.3 | 12y ago | Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of … | |||
| CVE-2014-4930 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1… | |||
| CVE-2014-3344 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attack… | |||
| CVE-2014-3575 | medium | — | 4.3 | 12y ago | The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects. | |||
| CVE-2014-5336 | medium | — | 4.3 | 12y ago | Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) … |