CVEs from 2014
Total
7,872
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9294 | high | — | 7.5 | 12y ago | util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||
| CVE-2014-9293 | high | — | 7.5 | 12y ago | The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection … | |||
| CVE-2014-9379 | high | — | 7.5 | 12y ago | The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitr… | |||
| CVE-2014-9378 | high | — | 7.5 | 12y ago | Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line … | |||
| CVE-2014-9377 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via… | |||
| CVE-2014-9376 | high | — | 7.5 | 12y ago | Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector… | |||
| CVE-2014-9258 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | |||
| CVE-2014-6396 | high | — | 7.5 | 12y ago | The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted passwor… | |||
| CVE-2014-7285 | medium | — | 7.5 | 12y ago | The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP sc… | |||
| CVE-2014-9057 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified v… | |||
| CVE-2014-8340 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. | |||
| CVE-2014-9249 | high | — | 7.5 | 12y ago | The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | |||
| CVE-2014-6256 | high | — | 7.5 | 12y ago | Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. | |||
| CVE-2014-6052 | high | — | 7.5 | 12y ago | The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of serv… | |||
| CVE-2014-1569 | high | — | 7.5 | 12y ago | The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 lengt… | |||
| CVE-2014-8269 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file tha… | |||
| CVE-2014-7840 | high | — | 7.5 | 12y ago | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savev… | |||
| CVE-2014-6407 | high | — | 7.5 | 12y ago | Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||
| CVE-2014-4323 | high | — | 7.5 | 12y ago | The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and ot… | |||
| CVE-2014-7260 | high | — | 7.5 | 12y ago | The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in S… | |||
| CVE-2014-9264 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. | |||
| CVE-2014-4466 | high | — | 7.5 | 12y ago | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application… | |||
| CVE-2014-8298 | high | — | 7.5 | 12y ago | The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and … | |||
| CVE-2014-9318 | high | — | 7.5 | 12y ago | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and… | |||
| CVE-2014-9317 | high | — | 7.5 | 12y ago | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap acce… | |||
| CVE-2014-9316 | high | — | 7.5 | 12y ago | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap acc… | |||
| CVE-2014-9275 | high | — | 7.5 | 12y ago | UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file. | |||
| CVE-2014-9274 | high | — | 7.5 | 12y ago | UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". | |||
| CVE-2014-8504 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified i… | |||
| CVE-2014-8503 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified i… | |||
| CVE-2014-8502 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspe… | |||
| CVE-2014-8501 | high | — | 7.5 | 12y ago | The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified… | |||
| CVE-2014-8485 | high | — | 7.5 | 12y ago | The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section g… | |||
| CVE-2014-9305 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary… | |||
| CVE-2014-9280 | high | — | 7.5 | 12y ago | The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. | |||
| CVE-2014-5462 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edi… | |||
| CVE-2014-1693 | high | — | 7.5 | 12y ago | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) … | |||
| CVE-2014-7255 | high | 7.5 | 7.5 | 12y ago | Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause… | |||
| CVE-2014-8990 | high | — | 7.5 | 12y ago | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||
| CVE-2014-7867 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow… | |||
| CVE-2014-9239 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote … | |||
| CVE-2014-9235 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.… | |||
| CVE-2014-9157 | high | — | 7.5 | 12y ago | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not … | |||
| CVE-2014-9220 | high | — | 7.5 | 12y ago | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | |||
| CVE-2014-9152 | high | — | 7.5 | 12y ago | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess … | |||
| CVE-2014-9151 | high | — | 7.5 | 12y ago | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attac… | |||
| CVE-2014-9087 | high | — | 7.5 | 12y ago | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or … | |||
| CVE-2014-9089 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_se… | |||
| CVE-2014-9093 | high | — | 7.5 | 12y ago | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | |||
| CVE-2014-9028 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||
| CVE-2014-8962 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||
| CVE-2014-8002 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||
| CVE-2014-8001 | high | — | 7.5 | 12y ago | Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||
| CVE-2014-8367 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecifi… | |||
| CVE-2014-8413 | high | — | 7.5 | 12y ago | The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to by… | |||
| CVE-2014-7845 | high | — | 7.5 | 12y ago | Moodle Temporary Passwords are Brute Force-able | |||
| CVE-2014-8626 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2014-9024 | high | — | 7.5 | 12y ago | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | |||
| CVE-2014-9001 | medium | — | 7.5 | 12y ago | reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5)… | |||
| CVE-2014-9000 | medium | — | 7.5 | 12y ago | Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitra… | |||
| CVE-2014-8998 | medium | — | 7.5 | 12y ago | lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace functio… | |||
| CVE-2014-7908 | high | — | 7.5 | 12y ago | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecif… | |||
| CVE-2014-7907 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial … | |||
| CVE-2014-7906 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flas… | |||
| CVE-2014-7904 | high | — | 7.5 | 12y ago | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2014-7903 | high | — | 7.5 | 12y ago | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a … | |||
| CVE-2014-7902 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF … | |||
| CVE-2014-7901 | high | — | 7.5 | 12y ago | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to c… | |||
| CVE-2014-7900 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attacke… | |||
| CVE-2014-4457 | high | — | 7.5 | 12y ago | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted app… | |||
| CVE-2014-8499 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated use… | |||
| CVE-2014-8498 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote … | |||
| CVE-2014-0250 | high | — | 7.5 | 12y ago | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress f… | |||
| CVE-2014-3158 | high | — | 7.5 | 12y ago | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which trigge… | |||
| CVE-2014-5424 | high | — | 7.5 | 12y ago | Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid prop… | |||
| CVE-2014-8554 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the proje… | |||
| CVE-2014-3674 | high | — | 7.5 | 12y ago | Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |||
| CVE-2014-8442 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe … | |||
| CVE-2014-0583 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK… | |||
| CVE-2014-3687 | high | 7.5 | 7.5 | 12y ago | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplic… | |||
| CVE-2014-3673 | high | 7.5 | 7.5 | 12y ago | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and ne… | |||
| CVE-2014-3693 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly ex… | |||
| CVE-2014-6030 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlyS… | |||
| CVE-2014-8668 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8664 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8663 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8351 | high | — | 7.5 | 12y ago | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the … | |||
| CVE-2014-8549 | high | — | 7.5 | 12y ago | libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have u… | |||
| CVE-2014-8548 | high | — | 7.5 | 12y ago | Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime… | |||
| CVE-2014-8547 | high | — | 7.5 | 12y ago | libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified othe… | |||
| CVE-2014-8546 | high | — | 7.5 | 12y ago | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cine… | |||
| CVE-2014-8545 | high | — | 7.5 | 12y ago | libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of… | |||
| CVE-2014-8544 | high | — | 7.5 | 12y ago | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecifi… | |||
| CVE-2014-8543 | high | — | 7.5 | 12y ago | libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bound… | |||
| CVE-2014-8542 | high | — | 7.5 | 12y ago | libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have … | |||
| CVE-2014-8541 | high | — | 7.5 | 12y ago | libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attacker… | |||
| CVE-2014-5417 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |||
| CVE-2014-5408 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2014-2374 | high | — | 7.5 | 12y ago | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | |||
| CVE-2014-2373 | high | — | 7.5 | 12y ago | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. |