CVEs from 2014
- Total: 7,882
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 2.1%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9674 | high | — | 7.5 | 12y ago | The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a de… | |||
| CVE-2014-9668 | high | — | 7.5 | 12y ago | The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of se… | |||
| CVE-2014-9665 | high | — | 7.5 | 12y ago | The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer over… | |||
| CVE-2014-9663 | high | — | 7.5 | 12y ago | The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a … | |||
| CVE-2014-9662 | high | — | 7.5 | 12y ago | cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or poss… | |||
| CVE-2014-9661 | high | — | 7.5 | 12y ago | type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) o… | |||
| CVE-2014-9660 | high | — | 7.5 | 12y ago | The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2014-9659 | high | — | 7.5 | 12y ago | cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code… | |||
| CVE-2014-9658 | high | — | 7.5 | 12y ago | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or… | |||
| CVE-2014-9657 | high | — | 7.5 | 12y ago | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read)… | |||
| CVE-2014-9656 | high | — | 7.5 | 12y ago | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-b… | |||
| CVE-2014-7864 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attacke… | |||
| CVE-2014-9633 | high | — | 7.5 | 12y ago | The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |||
| CVE-2014-9328 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." | |||
| CVE-2014-9200 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANope… | |||
| CVE-2014-8829 | high | — | 7.5 | 12y ago | SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | |||
| CVE-2014-8828 | high | — | 7.5 | 12y ago | Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. | |||
| CVE-2014-4493 | high | — | 7.5 | 12y ago | The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution cer… | |||
| CVE-2014-4492 | high | — | 7.5 | 12y ago | libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary… | |||
| CVE-2014-4485 | high | — | 7.5 | 12y ago | Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of … | |||
| CVE-2014-4484 | high | — | 7.5 | 12y ago | FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic… | |||
| CVE-2014-8154 | high | — | 7.5 | 12y ago | The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash… | |||
| CVE-2014-9572 | high | — | 7.5 | 12y ago | MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with t… | |||
| CVE-2014-7942 | high | — | 7.5 | 12y ago | The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified … | |||
| CVE-2014-7940 | high | — | 7.5 | 12y ago | The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for… | |||
| CVE-2014-7938 | high | — | 7.5 | 12y ago | The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2014-7937 | high | — | 7.5 | 12y ago | Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or poss… | |||
| CVE-2014-7935 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly… | |||
| CVE-2014-7934 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other … | |||
| CVE-2014-7933 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a d… | |||
| CVE-2014-7932 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause… | |||
| CVE-2014-7931 | high | — | 7.5 | 12y ago | factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted J… | |||
| CVE-2014-7930 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of se… | |||
| CVE-2014-7929 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.9… | |||
| CVE-2014-7928 | high | — | 7.5 | 12y ago | hydrogen.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or poss… | |||
| CVE-2014-7927 | high | — | 7.5 | 12y ago | The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allow… | |||
| CVE-2014-7926 | high | — | 7.5 | 12y ago | The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of… | |||
| CVE-2014-7925 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified o… | |||
| CVE-2014-7923 | high | — | 7.5 | 12y ago | The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of… | |||
| CVE-2014-6565 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vector… | |||
| CVE-2014-8386 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter i… | |||
| CVE-2014-9604 | high | — | 7.5 | 12y ago | libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly h… | |||
| CVE-2014-9603 | high | — | 7.5 | 12y ago | The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a… | |||
| CVE-2014-9602 | high | — | 7.5 | 12y ago | libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a deni… | |||
| CVE-2014-9471 | high | — | 7.5 | 12y ago | The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=… | |||
| CVE-2014-9560 | high | — | 7.5 | 12y ago | SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||
| CVE-2014-9308 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to … | |||
| CVE-2014-8641 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via… | |||
| CVE-2014-8635 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and applicat… | |||
| CVE-2014-8634 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to c… | |||
| CVE-2014-10038 | high | — | 7.5 | 12y ago | SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | |||
| CVE-2014-10037 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. | |||
| CVE-2014-10031 | high | — | 7.5 | 12y ago | Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. | |||
| CVE-2014-100035 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-100031 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | |||
| CVE-2014-100022 | high | — | 7.5 | 12y ago | SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. | |||
| CVE-2014-100020 | high | — | 7.5 | 12y ago | SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is alrea… | |||
| CVE-2014-100019 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-100014 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 o… | |||
| CVE-2014-100012 | high | — | 7.5 | 12y ago | SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||
| CVE-2014-100011 | high | — | 7.5 | 12y ago | SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||
| CVE-2014-10029 | high | — | 7.5 | 12y ago | SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. | |||
| CVE-2014-10024 | high | — | 7.5 | 12y ago | Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2… | |||
| CVE-2014-10023 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.… | |||
| CVE-2014-10020 | high | — | 7.5 | 12y ago | SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2014-10017 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in… | |||
| CVE-2014-10015 | high | — | 7.5 | 12y ago | SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2014-10013 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch ac… | |||
| CVE-2014-10011 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long st… | |||
| CVE-2014-10004 | high | — | 7.5 | 12y ago | SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-100003 | high | — | 7.5 | 12y ago | SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_dow… | |||
| CVE-2014-2839 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-… | |||
| CVE-2014-9473 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executabl… | |||
| CVE-2014-9528 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to ex… | |||
| CVE-2014-7209 | high | — | 7.5 | 12y ago | run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||
| CVE-2014-9521 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by upl… | |||
| CVE-2014-9520 | high | — | 7.5 | 12y ago | SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. | |||
| CVE-2014-9519 | high | — | 7.5 | 12y ago | SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. | |||
| CVE-2014-9389 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||
| CVE-2014-8084 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the aja… | |||
| CVE-2014-8083 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription… | |||
| CVE-2014-9509 | high | — | 7.5 | 12y ago | Typo3 Vulnerable to Cache Poisoning | |||
| CVE-2014-9277 | high | — | 7.5 | 12y ago | The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injecti… | |||
| CVE-2014-9464 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, rel… | |||
| CVE-2014-9427 | high | — | 7.5 | 12y ago | sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length d… | |||
| CVE-2014-9455 | high | — | 7.5 | 12y ago | SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2014-9451 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) p… | |||
| CVE-2014-9450 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands v… | |||
| CVE-2014-9448 | high | — | 7.5 | 12y ago | Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. | |||
| CVE-2014-9445 | high | — | 7.5 | 12y ago | SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this c… | |||
| CVE-2014-9440 | high | — | 7.5 | 12y ago | SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2014-8145 | high | — | 7.5 | 12y ago | Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock fu… | |||
| CVE-2014-9254 | high | — | 7.5 | 12y ago | bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to… | |||
| CVE-2014-9425 | high | — | 7.5 | 12y ago | Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of… | |||
| CVE-2014-9424 | high | — | 7.5 | 12y ago | Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified ot… | |||
| CVE-2014-6228 | high | — | 7.5 | 12y ago | Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (a… | |||
| CVE-2014-2208 | high | — | 7.5 | 12y ago | CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbit… | |||
| CVE-2014-8514 | high | — | 7.5 | 12y ago | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability t… | |||
| CVE-2014-8513 | high | — | 7.5 | 12y ago | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability t… | |||
| CVE-2014-8512 | high | — | 7.5 | 12y ago | Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability tha… |