CVEs from 2014
- Total: 7,865
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0147 | unknown | — | — | | | | — | Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while… |
| CVE-2014-8181 | unknown | — | — | | | | — | The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leak sensitive information to userspace. |
| CVE-2014-8561 | unknown | — | — | | | | — | imagemagick 6.8.9.6 has remote DOS via infinite loop |
| CVE-2014-0144 | unknown | — | — | | | | — | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input va… |
| CVE-2014-3471 | unknown | — | — | | | | — | Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virti… |
| CVE-2014-8184 | unknown | — | — | | | | — | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause appl… |
| CVE-2014-8171 | unknown | — | — | | | | — | The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. |
| CVE-2014-125087 | unknown | — | — | | | | 3y ago | java-xmlbuilder vulnerable to XML External Entity Reference |
| CVE-2014-3599 | unknown | — | — | | | | 4y ago | HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference |
| CVE-2014-9720 | unknown | — | — | | | | 4y ago | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determi… |
| CVE-2014-4172 | unknown | — | — | | | | 4y ago | Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability |
| CVE-2014-3643 | unknown | — | — | | | | 4y ago | jersey: XXE via parameter entities |
| CVE-2014-3652 | unknown | — | — | | | | 4y ago | JBoss KeyCloak Open Redirect |
| CVE-2014-3656 | unknown | — | — | | | | 4y ago | JBoss KeyCloak Cross-site Scripting Vulnerability |
| CVE-2014-3607 | unknown | — | — | | | | 4y ago | Improper Certificate Validation in vt-ldap |
| CVE-2014-3603 | unknown | — | — | | | | 4y ago | Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java |
| CVE-2014-9356 | unknown | — | — | | | | 5y ago | Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or… |