CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0476 | low | — | 4.7 | 12y ago | The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerabilit… | |||
| CVE-2014-2477 | low | — | 4.6 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availa… | |||
| CVE-2014-9311 | low | — | 4.5 | 11y ago | Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[… | |||
| CVE-2014-9224 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec … | |||
| CVE-2014-9434 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via … | |||
| CVE-2014-9098 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users… | |||
| CVE-2014-2021 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a c… | |||
| CVE-2014-5276 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture… | |||
| CVE-2014-2995 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML vi… | |||
| CVE-2014-3740 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the porta… | |||
| CVE-2014-3544 | low | — | 4.5 | 12y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2014-0894 | low | — | 4.5 | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and Db… | |||
| CVE-2014-0910 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject… | |||
| CVE-2014-3840 | low | — | 4.5 | 12y ago | Mayan EDMS multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2014-2091 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title p… | |||
| CVE-2014-2090 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title para… | |||
| CVE-2014-0334 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) t… | |||
| CVE-2014-3566 | low | 3.4 | 4.4 | 12y ago | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a pad… | |||
| CVE-2014-8607 | low | — | 3.1 | 11y ago | The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command. | |||
| CVE-2014-100039 | low | — | 3.1 | 12y ago | mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read.… | |||
| CVE-2014-9418 | low | — | 3.1 | 12y ago | The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. | |||
| CVE-2014-9417 | low | — | 3.1 | 12y ago | The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | |||
| CVE-2014-4703 | low | — | 3.1 | 12y ago | lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists beca… | |||
| CVE-2014-1739 | low | — | 3.1 | 12y ago | The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive in… | |||
| CVE-2014-9415 | low | — | 2.9 | 12y ago | Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. |