CVEs from 2014
Total: 7,915
- critical 837
- high 1,288
- medium 4,980
- low 583

% Critical: 10.6%
% with KEV: 0.4%
% with exploit: 0.6%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-0207 | medium | 6.5 | 6.5 | 12y ago | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (… | |
| CVE-2014-3857 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via th… | |
| CVE-2014-4688 | medium | — | 6.5 | 12y ago | pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php… | |
| CVE-2014-4649 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] fi… | |
| CVE-2014-3810 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter… | |
| CVE-2014-2949 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-4046 | medium | — | 6.5 | 12y ago | Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMo… | |
| CVE-2014-2575 | medium | — | 6.5 | 12y ago | Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated … | |
| CVE-2014-3417 | medium | — | 6.5 | 12y ago | uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. | |
| CVE-2014-3416 | medium | — | 6.5 | 12y ago | uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm… | |
| CVE-2014-3415 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. | |
| CVE-2014-3275 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted … | |
| CVE-2014-2948 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | |
| CVE-2014-3210 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via… | |
| CVE-2014-3453 | medium | — | 6.5 | 12y ago | Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrato… | |
| CVE-2014-0137 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitr… | |
| CVE-2014-3246 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. | |
| CVE-2014-2602 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. | |
| CVE-2014-2558 | medium | — | 6.5 | 12y ago | The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting field… | |
| CVE-2014-3138 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary… | |
| CVE-2014-2565 | medium | — | 6.5 | 12y ago | The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injecti… | |
| CVE-2014-1957 | medium | — | 6.5 | 12y ago | FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | |
| CVE-2014-1523 | medium | 6.5 | 6.5 | 12y ago | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a… | |
| CVE-2014-2328 | medium | — | 6.5 | 12y ago | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | |
| CVE-2014-2654 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adu… | |
| CVE-2014-0111 | medium | — | 6.5 | 12y ago | Apache Syncope JEXL Code Injection | |
| CVE-2014-2444 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB. | |
| CVE-2014-2436 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related… | |
| CVE-2014-2411 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affec… | |
| CVE-2014-2862 | medium | — | 6.5 | 12y ago | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors. | |
| CVE-2014-2655 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands v… | |
| CVE-2014-2669 | medium | — | 6.5 | 12y ago | Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have un… | |
| CVE-2014-0065 | medium | — | 6.5 | 12y ago | Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact… | |
| CVE-2014-0064 | medium | — | 6.5 | 12y ago | Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remot… | |
| CVE-2014-0063 | medium | — | 6.5 | 12y ago | Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a den… | |
| CVE-2014-0061 | medium | — | 6.5 | 12y ago | The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated… | |
| CVE-2014-0344 | medium | — | 6.5 | 12y ago | Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in con… | |
| CVE-2014-2587 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka us… | |
| CVE-2014-0829 | medium | — | 6.5 | 12y ago | Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecifi… | |
| CVE-2014-2339 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) cont… | |
| CVE-2014-0132 | medium | — | 6.5 | 12y ago | The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SAS… | |
| CVE-2014-2043 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parame… | |
| CVE-2014-0899 | medium | — | 6.5 | 12y ago | ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and m… | |
| CVE-2014-2238 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via… | |
| CVE-2014-2088 | medium | — | 6.5 | 12y ago | Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFile… | |
| CVE-2014-2059 | medium | — | 6.5 | 12y ago | Jenkins directory traversal vulnerability | |
| CVE-2014-0821 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vect… | |
| CVE-2014-1459 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NO… | |
| CVE-2014-1401 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLI… | |
| CVE-2014-1671 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress elem… | |
| CVE-2014-1836 | medium | — | 6.4 | 11y ago | ImpressCMS Path Traversal to Arbitrary File Delete | |
| CVE-2014-9201 | medium | — | 6.4 | 11y ago | Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapcha… | |
| CVE-2014-8924 | medium | — | 6.4 | 11y ago | The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary … | |
| CVE-2014-5409 | medium | — | 6.4 | 11y ago | The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier f… | |
| CVE-2014-5286 | medium | — | 6.4 | 11y ago | The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1… | |
| CVE-2014-0227 | medium | — | 6.4 | 11y ago | Improper Input Validation in Apache Tomcat | |
| CVE-2014-9512 | medium | — | 6.4 | 11y ago | rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | |
| CVE-2014-8268 | medium | — | 6.4 | 12y ago | QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. | |
| CVE-2014-8370 | medium | — | 6.4 | 12y ago | VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial… | |
| CVE-2014-6583 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. allows remote attackers to affect confidentiality… | |
| CVE-2014-6581 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote … | |
| CVE-2014-6572 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote atta… | |
| CVE-2014-100015 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | |
| CVE-2014-9575 | medium | — | 6.4 | 12y ago | VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in th… | |
| CVE-2014-4637 | medium | — | 6.4 | 12y ago | Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified par… | |
| CVE-2014-9447 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (… | |
| CVE-2014-9372 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in… | |
| CVE-2014-9358 | medium | — | 6.4 | 12y ago | Directory Traversal in Docker in github.com/docker/docker | |
| CVE-2014-6255 | medium | — | 6.4 | 12y ago | Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from paramet… | |
| CVE-2014-8489 | medium | — | 6.4 | 12y ago | Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via… | |
| CVE-2014-9360 | medium | — | 6.4 | 12y ago | XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted reque… | |
| CVE-2014-9351 | medium | — | 6.4 | 12y ago | engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors. | |
| CVE-2014-9301 | medium | — | 6.4 | 12y ago | Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port… | |
| CVE-2014-6036 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or re… | |
| CVE-2014-3068 | medium | — | 6.4 | 12y ago | IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows at… | |
| CVE-2014-9150 | medium | — | 6.4 | 12y ago | Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to file… | |
| CVE-2014-7142 | medium | — | 6.4 | 12y ago | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | |
| CVE-2014-7141 | medium | — | 6.4 | 12y ago | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6… | |
| CVE-2014-9038 | medium | — | 6.4 | 12y ago | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring… | |
| CVE-2014-7839 | medium | — | 6.4 | 12y ago | XML External Entity Reference in RESTEasy | |
| CVE-2014-1424 | medium | — | 6.4 | 12y ago | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." | |
| CVE-2014-7194 | medium | — | 6.4 | 12y ago | TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive … | |
| CVE-2014-9022 | medium | — | 6.4 | 12y ago | The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a craf… | |
| CVE-2014-8769 | medium | — | 6.4 | 12y ago | tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Dist… | |
| CVE-2014-8598 | medium | — | 6.4 | 12y ago | The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via th… | |
| CVE-2014-2684 | medium | — | 6.4 | 12y ago | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value i… | |
| CVE-2014-2681 | medium | — | 6.4 | 12y ago | Several Zend Products Vulnerable to XXE and XEE attacks | |
| CVE-2014-8566 | medium | — | 6.4 | 12y ago | The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflo… | |
| CVE-2014-3500 | medium | — | 6.4 | 12y ago | Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | |
| CVE-2014-8582 | medium | — | 6.4 | 12y ago | FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | |
| CVE-2014-3697 | medium | — | 6.4 | 12y ago | Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar ar… | |
| CVE-2014-3694 | medium | — | 6.4 | 12y ago | The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of … | |
| CVE-2014-2279 | medium | — | 6.4 | 12y ago | Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary… | |
| CVE-2014-8305 | medium | — | 6.4 | 12y ago | Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |
| CVE-2014-6553 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors … | |
| CVE-2014-1577 | medium | — | 6.4 | 12y ago | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote … | |
| CVE-2014-7284 | medium | — | 6.4 | 12y ago | The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initial… | |
| CVE-2014-7185 | medium | — | 6.4 | 12y ago | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | |
| CVE-2014-6292 | medium | — | 6.4 | 12y ago | TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users | |
| CVE-2014-5319 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. |