CVEs from 2014

7,865 normalized CVEs published or assigned in this year.

  • Total: 7,865
  • Critical: 837
  • High: 1,288
  • Medium: 4,980
  • Low: 583
  • % Critical: 10.6%
  • % with KEV: 0.4%
  • % with exploit: 9.8%

Top products

  • chrome 3,804
  • moodle 1,668
  • flash_player 1,397
  • firefox 1,239
  • mediawiki 1,130
  • ffmpeg 998
  • acrobat 966
  • acrobat_reader 944
CVE Severity CVSS Published Description
CVE-2014-4510 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-1224 medium 4.3 12y ago Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attac…
CVE-2014-6054 medium 4.3 12y ago The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) v…
CVE-2014-2644 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2014-2645 medium 4.3 12y ago HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors.
CVE-2014-7277 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HT…
CVE-2014-6297 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6296 medium 4.3 12y ago WEC Map (wec_map) extension for TYPO3 allows Cross-site Scripting
CVE-2014-6294 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via uns…
CVE-2014-6291 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified…
CVE-2014-6079 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Acc…
CVE-2014-7157 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch.
CVE-2014-3097 medium 4.3 12y ago Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remot…
CVE-2014-2642 medium 4.3 12y ago HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-2640 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6618 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter.
CVE-2014-4727 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbi…
CVE-2014-7199 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG …
CVE-2014-5444 medium 4.3 12y ago Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted cer…
CVE-2014-0170 medium 4.3 12y ago Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
CVE-2014-3824 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 al…
CVE-2014-3823 medium 4.3 12y ago The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspe…
CVE-2014-3820 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 befo…
CVE-2014-7152 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options actio…
CVE-2014-6445 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web scrip…
CVE-2014-4958 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or H…
CVE-2014-5315 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspec…
CVE-2014-3595 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web s…
CVE-2014-5322 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via u…
CVE-2014-5316 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.
CVE-2014-3367 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified …
CVE-2014-5317 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers t…
CVE-2014-4826 medium 4.3 12y ago IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVE-2014-4820 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4423 medium 4.3 12y ago The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.
CVE-2014-4409 medium 4.3 12y ago WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during nor…
CVE-2014-4383 medium 4.3 12y ago The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
CVE-2014-4353 medium 4.3 12y ago Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
CVE-2014-5235 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML v…
CVE-2014-5234 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML vi…
CVE-2014-0562 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified…
CVE-2014-6392 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename ext…
CVE-2014-5259 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2014-4735 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.
CVE-2014-5391 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web scri…
CVE-2014-5129 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6240 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecif…
CVE-2014-6238 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci…
CVE-2014-6234 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecif…
CVE-2014-4784 medium 4.3 12y ago IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remo…
CVE-2014-3343 medium 4.3 12y ago Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.
CVE-2014-4070 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Inf…
CVE-2014-5369 medium 4.3 12y ago Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the n…
CVE-2014-0153 medium 4.3 12y ago The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
CVE-2014-2379 medium 4.3 12y ago Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transm…
CVE-2014-3574 medium 4.3 12y ago Improper Input Validation in Apache POI
CVE-2014-3529 medium 4.3 12y ago Improper Restriction of XML External Entity Reference in Apache POI
CVE-2014-1566 medium 4.3 12y ago Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from …
CVE-2014-5136 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2014-5452 medium 4.3 12y ago CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document co…
CVE-2014-5076 medium 4.3 12y ago The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banki…
CVE-2014-3862 medium 4.3 12y ago CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in i…
CVE-2014-3861 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody ele…
CVE-2014-3601 medium 4.3 12y ago The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) …
CVE-2014-3352 medium 4.3 12y ago Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obt…
CVE-2014-5147 medium 4.3 12y ago Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of …
CVE-2014-4930 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1…
CVE-2014-3344 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attack…
CVE-2014-3575 medium 4.3 12y ago The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
CVE-2014-5336 medium 4.3 12y ago Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) …
CVE-2014-3587 medium 4.3 12y ago Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause…
CVE-2014-5243 medium 4.3 12y ago MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attacke…
CVE-2014-5242 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTM…
CVE-2014-5121 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2014-0232 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to…
CVE-2014-3022 medium 4.3 12y ago IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an…
CVE-2014-0965 medium 4.3 12y ago IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.
CVE-2014-5441 medium 4.3 12y ago Fat Free CRM subject to Cross-site Scripting
CVE-2014-5382 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via th…
CVE-2014-4749 medium 4.3 12y ago IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key.
CVE-2014-3331 medium 4.3 12y ago The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to c…
CVE-2014-2511 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) starta…
CVE-2014-5348 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject ar…
CVE-2014-5344 medium 4.3 12y ago Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via un…
CVE-2014-5343 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.
CVE-2014-5333 medium 4.3 12y ago Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android,…
CVE-2014-3905 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3900 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ass…
CVE-2014-0852 medium 4.3 12y ago IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret val…
CVE-2014-5248 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.
CVE-2014-1546 medium 4.3 12y ago The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.…
CVE-2014-3898 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operations Manager 5.00.09 through 6.30.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1980 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif me…
CVE-2014-5139 medium 4.3 12y ago The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a Se…
CVE-2014-3511 medium 4.3 12y ago The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in comm…
CVE-2014-3510 medium 4.3 12y ago The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL poi…
CVE-2014-3508 medium 4.3 12y ago The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' …
CVE-2014-3166 medium 4.3 12y ago The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY …
CVE-2014-4062 medium 4.3 12y ago Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via…
CVE-2014-1820 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via…