CVEs from 2014
- Total: 7,866
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%

Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1472 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2014-0445 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Te… | |||
| CVE-2014-0434 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity … | |||
| CVE-2014-0433 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling. | |||
| CVE-2014-0390 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console. | |||
| CVE-2014-0389 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. | |||
| CVE-2014-0382 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX. | |||
| CVE-2014-0380 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChanne… | |||
| CVE-2014-0374 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events. | |||
| CVE-2014-0977 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web sc… | |||
| CVE-2014-1407 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url… | |||
| CVE-2014-1406 | medium | — | 4.3 | 13y ago | CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respon… | |||
| CVE-2014-0663 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … | |||
| CVE-2014-0655 | medium | — | 4.3 | 13y ago | The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS C… | |||
| CVE-2014-0654 | medium | — | 4.3 | 13y ago | Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. | |||
| CVE-2014-0653 | medium | — | 4.3 | 13y ago | The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe… | |||
| CVE-2014-0652 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj… | |||
| CVE-2014-1232 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2538 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be prop… | |||
| CVE-2014-2532 | medium | 4.2 | 4.2 | 12y ago | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring locate… | |||
| CVE-2014-4274 | medium | — | 4.1 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyIS… | |||
| CVE-2014-5407 | medium | — | 4.1 | 12y ago | Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) distu… | |||
| CVE-2014-4203 | medium | — | 4.1 | 12y ago | Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect confidentiality, integrity, and a… | |||
| CVE-2014-2489 | medium | — | 4.1 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, int… | |||
| CVE-2014-0378 | medium | — | 4.1 | 13y ago | Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users to affect confidentiality, integrity, and availability via u… | |||
| CVE-2014-5356 | medium | — | 4.0 | 4y ago | OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configurati… | |||
| CVE-2014-3708 | medium | — | 4.0 | 4y ago | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API re… | |||
| CVE-2014-9913 | medium | 4.0 | 4.0 | 10y ago | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. | |||
| CVE-2014-9749 | medium | — | 4.0 | 11y ago | Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerabilit… | |||
| CVE-2014-8910 | medium | — | 4.0 | 11y ago | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT func… | |||
| CVE-2014-8887 | medium | — | 4.0 | 11y ago | IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arb… | |||
| CVE-2014-6222 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows rem… | |||
| CVE-2014-0919 | medium | — | 4.0 | 11y ago | IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users t… | |||
| CVE-2014-9713 | medium | — | 4.0 | 11y ago | The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified… | |||
| CVE-2014-9712 | medium | — | 4.0 | 11y ago | Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. | |||
| CVE-2014-6131 | medium | — | 4.0 | 11y ago | IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.… | |||
| CVE-2014-8112 | medium | — | 4.0 | 11y ago | 389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authen… | |||
| CVE-2014-9684 | medium | — | 4.0 | 11y ago | OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption)… | |||
| CVE-2014-8487 | medium | — | 4.0 | 11y ago | Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getM… | |||
| CVE-2014-9466 | medium | — | 4.0 | 11y ago | Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated user… | |||
| CVE-2014-8023 | medium | — | 4.0 | 11y ago | Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users t… | |||
| CVE-2014-6194 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.… | |||
| CVE-2014-7853 | medium | — | 4.0 | 12y ago | The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to t… | |||
| CVE-2014-7849 | medium | — | 4.0 | 12y ago | The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authentic… | |||
| CVE-2014-6139 | medium | — | 4.0 | 12y ago | The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instan… | |||
| CVE-2014-9354 | medium | — | 4.0 | 12y ago | NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. | |||
| CVE-2014-9049 | medium | — | 4.0 | 12y ago | The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method. | |||
| CVE-2014-9623 | medium | — | 4.0 | 12y ago | OpenStack Glance Bypass the storage quota and Denial of service | |||
| CVE-2014-6597 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect integrity via vectors relat… | |||
| CVE-2014-6584 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via … | |||
| CVE-2014-6579 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vector… | |||
| CVE-2014-6566 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Po… | |||
| CVE-2014-6528 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related… | |||
| CVE-2014-6514 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2014-8153 | medium | — | 4.0 | 12y ago | The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight … | |||
| CVE-2014-6212 | medium | — | 4.0 | 12y ago | The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.… | |||
| CVE-2014-8032 | medium | — | 4.0 | 12y ago | The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. | |||
| CVE-2014-9577 | medium | — | 4.0 | 12y ago | VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 … | |||
| CVE-2014-8131 | medium | — | 4.0 | 12y ago | The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated us… | |||
| CVE-2014-6186 | medium | — | 4.0 | 12y ago | IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended o… | |||
| CVE-2014-6181 | medium | — | 4.0 | 12y ago | IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive inf… | |||
| CVE-2014-6177 | medium | — | 4.0 | 12y ago | IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenti… | |||
| CVE-2014-6155 | medium | — | 4.0 | 12y ago | Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 al… | |||
| CVE-2014-5215 | medium | — | 4.0 | 12y ago | NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2)… | |||
| CVE-2014-5214 | medium | — | 4.0 | 12y ago | nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query pa… | |||
| CVE-2014-8015 | medium | — | 4.0 | 12y ago | The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur6440… | |||
| CVE-2014-8896 | medium | — | 4.0 | 12y ago | The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through … | |||
| CVE-2014-8007 | medium | — | 4.0 | 12y ago | Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. | |||
| CVE-2014-5213 | medium | — | 4.0 | 12y ago | nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memo… | |||
| CVE-2014-9403 | medium | — | 4.0 | 12y ago | The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel w… | |||
| CVE-2014-9355 | medium | — | 4.0 | 12y ago | Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint. | |||
| CVE-2014-8901 | medium | — | 4.0 | 12y ago | IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML q… | |||
| CVE-2014-6089 | medium | — | 4.0 | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (d… | |||
| CVE-2014-6082 | medium | — | 4.0 | 12y ago | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (a… | |||
| CVE-2014-6182 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to … | |||
| CVE-2014-9247 | medium | — | 4.0 | 12y ago | Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka… | |||
| CVE-2014-6210 | medium | — | 4.0 | 12y ago | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifyin… | |||
| CVE-2014-6209 | medium | — | 4.0 | 12y ago | IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon c… | |||
| CVE-2014-6138 | medium | — | 4.0 | 12y ago | The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. | |||
| CVE-2014-8372 | medium | — | 4.0 | 12y ago | AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direc… | |||
| CVE-2014-9278 | medium | — | 4.0 | 12y ago | The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in th… | |||
| CVE-2014-8788 | medium | — | 4.0 | 12y ago | GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message. | |||
| CVE-2014-9156 | medium | — | 4.0 | 12y ago | The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read pr… | |||
| CVE-2014-9155 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (… | |||
| CVE-2014-9154 | medium | — | 4.0 | 12y ago | The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titl… | |||
| CVE-2014-8961 | medium | — | 4.0 | 12y ago | Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obt… | |||
| CVE-2014-6610 | medium | — | 4.0 | 12y ago | Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a deni… | |||
| CVE-2014-6609 | medium | — | 4.0 | 12y ago | The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an eve… | |||
| CVE-2014-8988 | medium | — | 4.0 | 12y ago | MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by le… | |||
| CVE-2014-7821 | medium | — | 4.0 | 12y ago | OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. | |||
| CVE-2014-7846 | medium | — | 4.0 | 12y ago | Moodle does not consider the moodle/tag:edit capability before adding a tag | |||
| CVE-2014-7834 | medium | — | 4.0 | 12y ago | Moodle does not verify group permissions | |||
| CVE-2014-7833 | medium | — | 4.0 | 12y ago | Moodle allows attackers to obtain sensitive information | |||
| CVE-2014-7832 | medium | — | 4.0 | 12y ago | Moodle allows attackers to bypass the mod/lti:view capability requirement | |||
| CVE-2014-7831 | medium | — | 4.0 | 12y ago | Moodle exposes hidden grades to students | |||
| CVE-2014-6183 | medium | — | 4.0 | 12y ago | IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allo… | |||
| CVE-2014-4807 | medium | — | 4.0 | 12y ago | Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character. | |||
| CVE-2014-7195 | medium | — | 4.0 | 12y ago | Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spo… | |||
| CVE-2014-9026 | medium | — | 4.0 | 12y ago | The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtai… | |||
| CVE-2014-8735 | medium | — | 4.0 | 12y ago | The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" per… |