CVEs from 2014
Total
7,864
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-5421 | medium | — | 6.8 | 12y ago | CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and earlier has a hardcoded database password, which makes it easier for local users to gain privileges by leveraging cabinet access. | |||
| CVE-2014-3408 | medium | — | 6.8 | 12y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80… | |||
| CVE-2014-4441 | medium | — | 6.8 | 12y ago | NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state … | |||
| CVE-2014-4437 | medium | — | 6.8 | 12y ago | LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. | |||
| CVE-2014-4391 | medium | — | 6.8 | 12y ago | The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions … | |||
| CVE-2014-4351 | medium | — | 6.8 | 12y ago | Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. | |||
| CVE-2014-8756 | medium | — | 6.8 | 12y ago | The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to a… | |||
| CVE-2014-8755 | medium | — | 6.8 | 12y ago | Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitr… | |||
| CVE-2014-8074 | medium | — | 6.8 | 12y ago | Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long stri… | |||
| CVE-2014-2066 | medium | — | 6.8 | 12y ago | Jenkins session fixation vulnerability | |||
| CVE-2014-7237 | medium | — | 6.8 | 12y ago | lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) i… | |||
| CVE-2014-3686 | medium | — | 6.8 | 12y ago | wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via … | |||
| CVE-2014-6533 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers to affect confidentiality, integrity, and availab… | |||
| CVE-2014-6529 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver. | |||
| CVE-2014-6506 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors… | |||
| CVE-2014-6499 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, i… | |||
| CVE-2014-6470 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility. | |||
| CVE-2014-6469 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. | |||
| CVE-2014-6468 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||
| CVE-2014-2576 | medium | — | 6.8 | 12y ago | plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-… | |||
| CVE-2014-4124 | medium | — | 6.8 | 12y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability tha… | |||
| CVE-2014-0570 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote atta… | |||
| CVE-2014-8070 | medium | — | 6.8 | 12y ago | Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to index.ph… | |||
| CVE-2014-3825 | medium | — | 6.8 | 12y ago | The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Applicati… | |||
| CVE-2014-5328 | medium | — | 6.8 | 12y ago | Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API s… | |||
| CVE-2014-5327 | medium | — | 6.8 | 12y ago | Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. | |||
| CVE-2014-4867 | medium | — | 6.8 | 12y ago | Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo… | |||
| CVE-2014-3391 | medium | — | 6.8 | 12y ago | Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external mem… | |||
| CVE-2014-3390 | medium | — | 6.8 | 12y ago | The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root acc… | |||
| CVE-2014-7296 | medium | — | 6.8 | 12y ago | The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL… | |||
| CVE-2014-3187 | medium | — | 6.8 | 12y ago | Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain … | |||
| CVE-2014-7273 | medium | — | 6.8 | 12y ago | The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensiti… | |||
| CVE-2014-0994 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder X… | |||
| CVE-2014-0168 | medium | — | 6.8 | 12y ago | Cross-Site Request Forgery in Jolokia | |||
| CVE-2014-6299 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspe… | |||
| CVE-2014-7158 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin… | |||
| CVE-2014-6273 | medium | — | 6.8 | 12y ago | Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted… | |||
| CVE-2014-5267 | medium | — | 6.8 | 12y ago | modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | |||
| CVE-2014-0992 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. | |||
| CVE-2014-0991 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. | |||
| CVE-2014-0990 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. | |||
| CVE-2014-0989 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. | |||
| CVE-2014-0988 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. | |||
| CVE-2014-0987 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. | |||
| CVE-2014-0986 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. | |||
| CVE-2014-0985 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. | |||
| CVE-2014-4350 | medium | — | 6.8 | 12y ago | Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file. | |||
| CVE-2014-1391 | medium | — | 6.8 | 12y ago | QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with … | |||
| CVE-2014-4415 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4414 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4413 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4412 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4411 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4410 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4377 | medium | — | 6.8 | 12y ago | Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF docum… | |||
| CVE-2014-2886 | medium | — | 6.8 | 12y ago | GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untr… | |||
| CVE-2014-0993 | medium | — | 6.8 | 12y ago | Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote at… | |||
| CVE-2014-6270 | medium | — | 6.8 | 12y ago | Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute … | |||
| CVE-2014-4789 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack… | |||
| CVE-2014-4783 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote at… | |||
| CVE-2014-0152 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-3909 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-5506 | medium | — | 6.8 | 12y ago | Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||
| CVE-2014-5505 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | |||
| CVE-2014-2957 | medium | — | 6.8 | 12y ago | The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to … | |||
| CVE-2014-6041 | medium | — | 6.8 | 12y ago | The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\… | |||
| CVE-2014-2390 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 6.1.15.39 7.1.5.x before 7.1.5.15, 7.1.15.x before 7.1.15.7, 7.5.x before… | |||
| CVE-2014-5263 | medium | — | 6.8 | 12y ago | vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infini… | |||
| CVE-2014-5035 | medium | — | 6.8 | 12y ago | The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, rel… | |||
| CVE-2014-3907 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary u… | |||
| CVE-2014-3061 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authe… | |||
| CVE-2014-2528 | medium | — | 6.8 | 12y ago | kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory… | |||
| CVE-2014-2527 | medium | — | 6.8 | 12y ago | kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory… | |||
| CVE-2014-2633 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unkno… | |||
| CVE-2014-3597 | medium | — | 6.8 | 12y ago | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or p… | |||
| CVE-2014-5241 | medium | — | 6.8 | 12y ago | The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restr… | |||
| CVE-2014-4929 | medium | — | 6.8 | 12y ago | Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot d… | |||
| CVE-2014-2518 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-0641 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-5205 | medium | — | 6.8 | 12y ago | wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a… | |||
| CVE-2014-5204 | medium | — | 6.8 | 12y ago | wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote atta… | |||
| CVE-2014-0969 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Manageme… | |||
| CVE-2014-1390 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1389 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1388 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1387 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1386 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1385 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1384 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-3509 | medium | — | 6.8 | 12y ago | Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL … | |||
| CVE-2014-3337 | medium | — | 6.8 | 12y ago | The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that i… | |||
| CVE-2014-4061 | medium | — | 6.8 | 12y ago | Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denia… | |||
| CVE-2014-4060 | medium | — | 6.8 | 12y ago | Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to exec… | |||
| CVE-2014-2819 | medium | — | 6.8 | 12y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||
| CVE-2014-5199 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators … | |||
| CVE-2014-4647 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via uns… | |||
| CVE-2014-3459 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. | |||
| CVE-2014-0479 | medium | — | 6.8 | 12y ago | reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | |||
| CVE-2014-3554 | medium | — | 6.8 | 12y ago | Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL)… | |||
| CVE-2014-3896 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrar… |