CVEs from 2014
Total
7,872
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3618 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, relate… | |||
| CVE-2014-5504 | high | — | 7.5 | 12y ago | SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, … | |||
| CVE-2014-2685 | high | — | 7.5 | 12y ago | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only th… | |||
| CVE-2014-5285 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attacker… | |||
| CVE-2014-0485 | high | — | 7.5 | 12y ago | S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. | |||
| CVE-2014-5399 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5397 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2014-3171 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact … | |||
| CVE-2014-3169 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or po… | |||
| CVE-2014-3168 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other … | |||
| CVE-2014-5458 | high | — | 7.5 | 12y ago | SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter. | |||
| CVE-2014-2216 | high | — | 7.5 | 12y ago | The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary cod… | |||
| CVE-2014-5396 | high | — | 7.5 | 12y ago | The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access … | |||
| CVE-2014-5262 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5261 | high | — | 7.5 | 12y ago | The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool comman… | |||
| CVE-2014-4197 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. | |||
| CVE-2014-5159 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||
| CVE-2014-3490 | high | — | 7.5 | 12y ago | Incorrect Privilege Assignment in RESTEasy | |||
| CVE-2014-3906 | high | — | 7.5 | 12y ago | SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5203 | high | — | 7.5 | 12y ago | wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. | |||
| CVE-2014-3514 | high | — | 7.5 | 12y ago | activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection… | |||
| CVE-2014-3063 | high | — | 7.5 | 12y ago | IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before… | |||
| CVE-2014-3904 | high | — | 7.5 | 12y ago | SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5250 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via… | |||
| CVE-2014-5249 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execu… | |||
| CVE-2014-3512 | high | — | 7.5 | 12y ago | Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have uns… | |||
| CVE-2014-3167 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-3165 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attack… | |||
| CVE-2014-0316 | high | — | 7.5 | 12y ago | Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 … | |||
| CVE-2014-3086 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveragi… | |||
| CVE-2014-3773 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_passwor… | |||
| CVE-2014-3772 | high | — | 7.5 | 12y ago | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking th… | |||
| CVE-2014-3771 | high | — | 7.5 | 12y ago | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | |||
| CVE-2014-5175 | high | — | 7.5 | 12y ago | The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | |||
| CVE-2014-3055 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified … | |||
| CVE-2014-5114 | high | — | 7.5 | 12y ago | WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. | |||
| CVE-2014-3541 | high | — | 7.5 | 12y ago | Moodle vulnerable to PHP object injection attacks | |||
| CVE-2014-4726 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. | |||
| CVE-2014-4858 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (… | |||
| CVE-2014-5102 | high | — | 7.5 | 12y ago | SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | |||
| CVE-2014-3530 | high | — | 7.5 | 12y ago | XML External Entity Reference in org.picketlink:picketlink-common | |||
| CVE-2014-5017 | high | — | 7.5 | 12y ago | SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx par… | |||
| CVE-2014-3161 | high | — | 7.5 | 12y ago | The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which … | |||
| CVE-2014-1999 | high | — | 7.5 | 12y ago | The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. | |||
| CVE-2014-1996 | high | — | 7.5 | 12y ago | Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | |||
| CVE-2014-2368 | high | — | 7.5 | 12y ago | The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||
| CVE-2014-2367 | high | — | 7.5 | 12y ago | The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||
| CVE-2014-4850 | high | — | 7.5 | 12y ago | SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||
| CVE-2014-3515 | high | — | 7.5 | 12y ago | The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers … | |||
| CVE-2014-0539 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob… | |||
| CVE-2014-0537 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob… | |||
| CVE-2014-2616 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. | |||
| CVE-2014-2615 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. | |||
| CVE-2014-2614 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. | |||
| CVE-2014-0602 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified… | |||
| CVE-2014-4672 | high | — | 7.5 | 12y ago | Yii PHP Framework arbitrary PHP scripts execution | |||
| CVE-2014-3483 | high | — | 7.5 | 12y ago | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before … | |||
| CVE-2014-3482 | high | — | 7.5 | 12y ago | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows r… | |||
| CVE-2014-1371 | high | — | 7.5 | 12y ago | Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leverag… | |||
| CVE-2014-4305 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-3157 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial … | |||
| CVE-2014-3156 | high | — | 7.5 | 12y ago | Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that t… | |||
| CVE-2014-3154 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a deni… | |||
| CVE-2014-1543 | high | — | 7.5 | 12y ago | Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous a… | |||
| CVE-2014-0535 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &… | |||
| CVE-2014-0534 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &… | |||
| CVE-2014-4003 | high | — | 7.5 | 12y ago | The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | |||
| CVE-2014-2508 | high | — | 7.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks… | |||
| CVE-2014-2503 | high | — | 7.5 | 12y ago | The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection… | |||
| CVE-2014-3468 | high | — | 7.5 | 12y ago | The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds ac… | |||
| CVE-2014-3973 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-2051 | high | — | 7.5 | 12y ago | ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query." | |||
| CVE-2014-3834 | high | — | 7.5 | 12y ago | ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspec… | |||
| CVE-2014-2056 | high | — | 7.5 | 12y ago | PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External… | |||
| CVE-2014-2055 | high | — | 7.5 | 12y ago | XXE in SabreDAV | |||
| CVE-2014-2054 | high | — | 7.5 | 12y ago | PHPExcel vulnerable to XXE attacks through libxml | |||
| CVE-2014-2053 | high | — | 7.5 | 12y ago | getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via a… | |||
| CVE-2014-3937 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-3932 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands vi… | |||
| CVE-2014-3780 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | |||
| CVE-2014-3872 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1… | |||
| CVE-2014-3788 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field… | |||
| CVE-2014-3775 | high | — | 7.5 | 12y ago | libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execut… | |||
| CVE-2014-3152 | high | — | 7.5 | 12y ago | Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to… | |||
| CVE-2014-1749 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-1744 | high | — | 7.5 | 12y ago | Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attacke… | |||
| CVE-2014-1743 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a… | |||
| CVE-2014-3776 | high | — | 7.5 | 12y ago | Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corr… | |||
| CVE-2014-2351 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API reques… | |||
| CVE-2014-1613 | high | — | 7.5 | 12y ago | Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/publ… | |||
| CVE-2014-3759 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search … | |||
| CVE-2014-0211 | high | — | 7.5 | 12y ago | Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to… | |||
| CVE-2014-0210 | high | — | 7.5 | 12y ago | Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_set… | |||
| CVE-2014-1742 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to ca… | |||
| CVE-2014-1741 | high | — | 7.5 | 12y ago | Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow… | |||
| CVE-2014-1740 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service o… | |||
| CVE-2014-0520 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in… | |||
| CVE-2014-0519 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in… | |||
| CVE-2014-0518 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in… | |||
| CVE-2014-0517 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in… |