CVEs from 2014
- Total: 7,882
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 2.1%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6385 | medium | — | 6.1 | 12y ago | Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.… | |||
| CVE-2014-8884 | medium | — | 6.1 | 12y ago | Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial o… | |||
| CVE-2014-7997 | medium | — | 6.1 | 12y ago | The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cau… | |||
| CVE-2014-3439 | medium | — | 6.1 | 12y ago | ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. | |||
| CVE-2014-3409 | medium | — | 6.1 | 12y ago | The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device relo… | |||
| CVE-2014-7154 | medium | — | 6.1 | 12y ago | Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a d… | |||
| CVE-2014-3379 | medium | — | 6.1 | 12y ago | Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCu… | |||
| CVE-2014-4406 | medium | 6.1 | 6.1 | 12y ago | Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-2388 | medium | — | 6.1 | 12y ago | The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-depe… | |||
| CVE-2014-3322 | medium | — | 6.1 | 12y ago | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via mal… | |||
| CVE-2014-3284 | medium | — | 6.1 | 12y ago | Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | |||
| CVE-2014-3273 | medium | — | 6.1 | 12y ago | The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282. | |||
| CVE-2014-1530 | medium | 6.1 | 6.1 | 12y ago | The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL wi… | |||
| CVE-2014-2182 | medium | — | 6.1 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun4… | |||
| CVE-2014-0353 | medium | — | 6.1 | 12y ago | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. | |||
| CVE-2014-2144 | medium | — | 6.1 | 12y ago | Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CS… | |||
| CVE-2014-2131 | medium | — | 6.1 | 12y ago | The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD)… | |||
| CVE-2014-2526 | medium | 6.1 | 6.1 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to … | |||
| CVE-2014-2252 | medium | — | 6.1 | 12y ago | Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability t… | |||
| CVE-2014-2253 | medium | — | 6.1 | 12y ago | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. | |||
| CVE-2014-2309 | medium | — | 6.1 | 12y ago | The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory co… | |||
| CVE-2014-0482 | medium | — | 6.0 | 4y ago | The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.R… | |||
| CVE-2014-3476 | medium | — | 6.0 | 4y ago | OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges b… | |||
| CVE-2014-8175 | medium | — | 6.0 | 11y ago | Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | |||
| CVE-2014-9573 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the… | |||
| CVE-2014-100002 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to Wor… | |||
| CVE-2014-6168 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for reque… | |||
| CVE-2014-6187 | medium | — | 6.0 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8… | |||
| CVE-2014-9324 | medium | — | 6.0 | 12y ago | The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vector… | |||
| CVE-2014-8270 | medium | — | 6.0 | 12y ago | BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. | |||
| CVE-2014-3058 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users … | |||
| CVE-2014-6034 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.… | |||
| CVE-2014-5445 | medium | — | 6.0 | 12y ago | Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via… | |||
| CVE-2014-7816 | medium | — | 6.0 | 12y ago | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow | |||
| CVE-2014-8799 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (do… | |||
| CVE-2014-9016 | medium | — | 6.0 | 12y ago | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m… | |||
| CVE-2014-7992 | medium | — | 6.0 | 12y ago | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, a… | |||
| CVE-2014-8949 | medium | — | 6.0 | 12y ago | The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this c… | |||
| CVE-2014-2268 | medium | — | 6.0 | 12y ago | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the … | |||
| CVE-2014-4839 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 … | |||
| CVE-2014-6251 | medium | — | 6.0 | 12y ago | Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overf… | |||
| CVE-2014-8313 | medium | — | 6.0 | 12y ago | Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | |||
| CVE-2014-3663 | medium | — | 6.0 | 12y ago | Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs | |||
| CVE-2014-6483 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unkn… | |||
| CVE-2014-3593 | medium | — | 6.0 | 12y ago | Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | |||
| CVE-2014-2641 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vec… | |||
| CVE-2014-4816 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before … | |||
| CVE-2014-4785 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote au… | |||
| CVE-2014-3037 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Softwar… | |||
| CVE-2014-4863 | medium | — | 6.0 | 12y ago | The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP reque… | |||
| CVE-2014-5377 | medium | — | 6.0 | 12y ago | ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | |||
| CVE-2014-5337 | medium | — | 6.0 | 12y ago | The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exporta… | |||
| CVE-2014-3024 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2… | |||
| CVE-2014-3040 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.… | |||
| CVE-2014-5454 | medium | — | 6.0 | 12y ago | Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2014-5266 | medium | — | 6.0 | 12y ago | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote atta… | |||
| CVE-2014-5185 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edi… | |||
| CVE-2014-5182 | medium | — | 6.0 | 12y ago | Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) … | |||
| CVE-2014-5176 | medium | — | 6.0 | 12y ago | SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2014-0948 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code v… | |||
| CVE-2014-0947 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site. | |||
| CVE-2014-3552 | medium | — | 6.0 | 12y ago | The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remo… | |||
| CVE-2014-3545 | medium | — | 6.0 | 12y ago | Moodle remote code execution via quiz questions | |||
| CVE-2014-2227 | medium | — | 6.0 | 12y ago | The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which … | |||
| CVE-2014-4684 | medium | — | 6.0 | 12y ago | The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||
| CVE-2014-3782 | medium | — | 6.0 | 12y ago | Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by … | |||
| CVE-2014-3048 | medium | — | 6.0 | 12y ago | Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. | |||
| CVE-2014-0929 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for … | |||
| CVE-2014-0961 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows re… | |||
| CVE-2014-3942 | medium | — | 6.0 | 12y ago | TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code | |||
| CVE-2014-2354 | medium | — | 6.0 | 12y ago | Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||
| CVE-2014-0849 | medium | — | 6.0 | 12y ago | IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging memb… | |||
| CVE-2014-3272 | medium | — | 6.0 | 12y ago | The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. | |||
| CVE-2014-3783 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categori… | |||
| CVE-2014-0944 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows… | |||
| CVE-2014-1989 | medium | — | 6.0 | 12y ago | Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | |||
| CVE-2014-0162 | medium | — | 6.0 | 12y ago | OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability | |||
| CVE-2014-2455 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via … | |||
| CVE-2014-0167 | medium | — | 6.0 | 12y ago | The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, … | |||
| CVE-2014-0105 | medium | — | 6.0 | 12y ago | The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authen… | |||
| CVE-2014-0908 | medium | — | 6.0 | 12y ago | The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access … | |||
| CVE-2014-0634 | medium | — | 6.0 | 12y ago | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen… | |||
| CVE-2014-0094 | medium | — | 6.0 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-2245 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the … | |||
| CVE-2014-0686 | medium | — | 6.0 | 13y ago | Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul2490… | |||
| CVE-2014-2845 | medium | 5.9 | 5.9 | 9y ago | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root … | |||
| CVE-2014-7242 | medium | 5.9 | 5.9 | 9y ago | The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to s… | |||
| CVE-2014-3706 | medium | 5.9 | 5.9 | 9y ago | ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||
| CVE-2014-2903 | medium | 5.9 | 5.9 | 9y ago | CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | |||
| CVE-2014-9686 | medium | 5.9 | 5.9 | 9y ago | The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_goog… | |||
| CVE-2014-8878 | medium | 5.9 | 5.9 | 9y ago | KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2014-4616 | medium | 5.9 | 5.9 | 9y ago | simplejson before 2.6.1 vulnerable to array index error | |||
| CVE-2014-9920 | medium | 5.9 | 5.9 | 9y ago | Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 befor… | |||
| CVE-2014-9754 | medium | 5.9 | 5.9 | 10y ago | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before… | |||
| CVE-2014-0759 | medium | 5.9 | 5.9 | 12y ago | Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed… | |||
| CVE-2014-8242 | medium | — | 5.8 | 11y ago | librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. | |||
| CVE-2014-9750 | medium | — | 5.8 | 11y ago | ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemo… | |||
| CVE-2014-9737 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | |||
| CVE-2014-1750 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2014-9672 | medium | — | 5.8 | 12y ago | Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from pr… |