CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4309 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenti… | |||
| CVE-2014-4308 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM par… | |||
| CVE-2014-4304 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter. | |||
| CVE-2014-4302 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||
| CVE-2014-3877 | medium | — | 4.3 | 12y ago | Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fu… | |||
| CVE-2014-3876 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey par… | |||
| CVE-2014-4189 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attack… | |||
| CVE-2014-4187 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field. | |||
| CVE-2014-4048 | medium | — | 4.3 | 12y ago | The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which trigg… | |||
| CVE-2014-4045 | medium | — | 4.3 | 12y ago | The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (asser… | |||
| CVE-2014-4165 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. | |||
| CVE-2014-4164 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html. | |||
| CVE-2014-3994 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbi… | |||
| CVE-2014-3428 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. | |||
| CVE-2014-2002 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-4161 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2014-4160 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (… | |||
| CVE-2014-4037 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitr… | |||
| CVE-2014-4036 | medium | — | 4.3 | 12y ago | ImpressCMS Cross-site scripting Vulnerability | |||
| CVE-2014-4032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. | |||
| CVE-2014-0533 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI… | |||
| CVE-2014-0532 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI… | |||
| CVE-2014-0531 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI… | |||
| CVE-2014-1823 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containin… | |||
| CVE-2014-1816 | medium | — | 4.3 | 12y ago | Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1)… | |||
| CVE-2014-4017 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php. | |||
| CVE-2014-3289 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and… | |||
| CVE-2014-3036 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive i… | |||
| CVE-2014-0936 | medium | — | 4.3 | 12y ago | IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows re… | |||
| CVE-2014-3470 | medium | — | 4.3 | 12y ago | The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers t… | |||
| CVE-2014-0221 | medium | — | 4.3 | 12y ago | The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client… | |||
| CVE-2014-2577 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote… | |||
| CVE-2014-1998 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3960 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3948 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2014-3833 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web sc… | |||
| CVE-2014-3832 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possi… | |||
| CVE-2014-3786 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemai… | |||
| CVE-2014-2502 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3959 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1… | |||
| CVE-2014-2939 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3… | |||
| CVE-2014-0042 | medium | — | 4.3 | 12y ago | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded pa… | |||
| CVE-2014-0041 | medium | — | 4.3 | 12y ago | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows m… | |||
| CVE-2014-0040 | medium | — | 4.3 | 12y ago | OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, whi… | |||
| CVE-2014-0119 | medium | — | 4.3 | 12y ago | Missing XML Validation in Apache Tomcat | |||
| CVE-2014-0099 | medium | — | 4.3 | 12y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat | |||
| CVE-2014-0096 | medium | — | 4.3 | 12y ago | Improper Input Validation in Apache Tomcat | |||
| CVE-2014-2342 | medium | — | 4.3 | 12y ago | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | |||
| CVE-2014-3010 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 … | |||
| CVE-2014-3924 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | |||
| CVE-2014-3923 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink … | |||
| CVE-2014-3922 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addW… | |||
| CVE-2014-3921 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter. | |||
| CVE-2014-0246 | medium | — | 4.3 | 12y ago | SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive. | |||
| CVE-2014-3870 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd… | |||
| CVE-2014-0218 | medium | — | 4.3 | 12y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2014-0217 | medium | — | 4.3 | 12y ago | Moodle does not check for the moodle/course:viewhiddencourses capability | |||
| CVE-2014-0893 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allo… | |||
| CVE-2014-0906 | medium | — | 4.3 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leve… | |||
| CVE-2014-3274 | medium | — | 4.3 | 12y ago | Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory inf… | |||
| CVE-2014-3266 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, ak… | |||
| CVE-2014-0639 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2947 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter. | |||
| CVE-2014-3846 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php. | |||
| CVE-2014-3841 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form lay… | |||
| CVE-2014-0956 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows … | |||
| CVE-2014-0955 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbi… | |||
| CVE-2014-0952 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allow… | |||
| CVE-2014-0951 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2014-3808 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name para… | |||
| CVE-2014-3807 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd param… | |||
| CVE-2014-3803 | medium | — | 4.3 | 12y ago | The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT… | |||
| CVE-2014-1747 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote at… | |||
| CVE-2014-1855 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) ke… | |||
| CVE-2014-3265 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an … | |||
| CVE-2014-2195 | medium | — | 4.3 | 12y ago | Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote at… | |||
| CVE-2014-2193 | medium | — | 4.3 | 12y ago | Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCu… | |||
| CVE-2014-2192 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bu… | |||
| CVE-2014-3735 | medium | — | 4.3 | 12y ago | ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file. | |||
| CVE-2014-3730 | medium | — | 4.3 | 12y ago | The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to condu… | |||
| CVE-2014-3452 | medium | — | 4.3 | 12y ago | Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file. | |||
| CVE-2014-3761 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/U… | |||
| CVE-2014-3758 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the imp… | |||
| CVE-2014-3262 | medium | — | 4.3 | 12y ago | The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to c… | |||
| CVE-2014-0917 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0… | |||
| CVE-2014-1808 | medium | — | 4.3 | 12y ago | Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "T… | |||
| CVE-2014-1754 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 201… | |||
| CVE-2014-0521 | medium | — | 4.3 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a… | |||
| CVE-2014-3456 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-0946 | medium | — | 4.3 | 12y ago | The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, whi… | |||
| CVE-2014-0913 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka S… | |||
| CVE-2014-2854 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3207 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. | |||
| CVE-2014-2689 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. | |||
| CVE-2014-0190 | medium | — | 4.3 | 12y ago | The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | |||
| CVE-2014-0110 | medium | — | 4.3 | 12y ago | Uncontrolled Resource Consumption in Apache CXF | |||
| CVE-2014-0109 | medium | — | 4.3 | 12y ago | Uncontrolled Resource Consumption in Apache CXF | |||
| CVE-2014-0362 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inj… | |||
| CVE-2014-2191 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2014-0911 | medium | — | 4.3 | 12y ago | inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. |