CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0147 | unknown | — | — | — | Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while… | |||
| CVE-2014-5282 | unknown | — | — | — | Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | |||
| CVE-2014-8179 | unknown | — | — | — | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to injec… | |||
| CVE-2014-1958 | unknown | — | — | — | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld stri… | |||
| CVE-2014-5278 | unknown | — | — | — | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | |||
| CVE-2014-3495 | unknown | — | — | — | duplicity 0.6.24 has improper verification of SSL certificates | |||
| CVE-2014-8178 | unknown | — | — | — | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a cra… | |||
| CVE-2014-125087 | unknown | — | — | 3y ago | java-xmlbuilder vulnerable to XML External Entity Reference | |||
| CVE-2014-3599 | unknown | — | — | 4y ago | HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2014-9720 | unknown | — | — | 4y ago | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determi… | |||
| CVE-2014-4172 | unknown | — | — | 4y ago | Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability | |||
| CVE-2014-3643 | unknown | — | — | 4y ago | jersey: XXE via parameter entities | |||
| CVE-2014-3652 | unknown | — | — | 4y ago | JBoss KeyCloak Open Redirect | |||
| CVE-2014-3656 | unknown | — | — | 4y ago | JBoss KeyCloak Cross-site Scripting Vulnerability | |||
| CVE-2014-3607 | unknown | — | — | 4y ago | Improper Certificate Validation in vt-ldap | |||
| CVE-2014-3603 | unknown | — | — | 4y ago | Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java | |||
| CVE-2014-9356 | unknown | — | — | 5y ago | Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or… |