CVEs from 2014
Total
7,864
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4677 | high | 7.8 | 7.8 | 9y ago | The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters… | |||
| CVE-2014-9914 | high | 7.8 | 7.8 | 10y ago | Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by … | |||
| CVE-2014-9891 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted a… | |||
| CVE-2014-9890 | high | 7.8 | 7.8 | 10y ago | Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileg… | |||
| CVE-2014-9889 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gai… | |||
| CVE-2014-9888 | high | 7.8 | 7.8 | 10y ago | arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might… | |||
| CVE-2014-9887 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a… | |||
| CVE-2014-9886 | high | 7.8 | 7.8 | 10y ago | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers … | |||
| CVE-2014-9885 | high | 7.8 | 7.8 | 10y ago | Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application t… | |||
| CVE-2014-9884 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a craf… | |||
| CVE-2014-9883 | high | 7.8 | 7.8 | 10y ago | Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive inform… | |||
| CVE-2014-9882 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, ak… | |||
| CVE-2014-9881 | high | 7.8 | 7.8 | 10y ago | drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or ca… | |||
| CVE-2014-9880 | high | 7.8 | 7.8 | 10y ago | drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attac… | |||
| CVE-2014-9879 | high | 7.8 | 7.8 | 10y ago | The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application,… | |||
| CVE-2014-9878 | high | 7.8 | 7.8 | 10y ago | drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges v… | |||
| CVE-2014-9877 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allo… | |||
| CVE-2014-9876 | high | 7.8 | 7.8 | 10y ago | drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privi… | |||
| CVE-2014-9875 | high | 7.8 | 7.8 | 10y ago | drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI reque… | |||
| CVE-2014-9874 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mac… | |||
| CVE-2014-9873 | high | 7.8 | 7.8 | 10y ago | Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive infor… | |||
| CVE-2014-9872 | high | 7.8 | 7.8 | 10y ago | The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a cr… | |||
| CVE-2014-9871 | high | 7.8 | 7.8 | 10y ago | Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain pr… | |||
| CVE-2014-9870 | high | 7.8 | 7.8 | 10y ago | The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allow… | |||
| CVE-2014-9869 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which all… | |||
| CVE-2014-9868 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an appl… | |||
| CVE-2014-9867 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allo… | |||
| CVE-2014-9866 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows… | |||
| CVE-2014-9865 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges v… | |||
| CVE-2014-9864 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted a… | |||
| CVE-2014-9863 | high | 7.8 | 7.8 | 10y ago | Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a … | |||
| CVE-2014-9862 | high | 7.8 | 7.8 | 10y ago | Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (he… | |||
| CVE-2014-9803 | high | 7.8 | 7.8 | 10y ago | arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attack… | |||
| CVE-2014-9802 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, ak… | |||
| CVE-2014-9801 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android … | |||
| CVE-2014-9800 | high | 7.8 | 7.8 | 10y ago | Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android … | |||
| CVE-2014-9799 | high | 7.8 | 7.8 | 10y ago | The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a… | |||
| CVE-2014-9796 | high | 7.8 | 7.8 | 10y ago | app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intend… | |||
| CVE-2014-9795 | high | 7.8 | 7.8 | 10y ago | app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrict… | |||
| CVE-2014-9793 | high | 7.8 | 7.8 | 10y ago | platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges vi… | |||
| CVE-2014-9792 | high | 7.8 | 7.8 | 10y ago | arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted … | |||
| CVE-2014-9790 | high | 7.8 | 7.8 | 10y ago | drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers… | |||
| CVE-2014-9789 | high | 7.8 | 7.8 | 10y ago | The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attack… | |||
| CVE-2014-9788 | high | 7.8 | 7.8 | 10y ago | Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android int… | |||
| CVE-2014-9787 | high | 7.8 | 7.8 | 10y ago | Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android… | |||
| CVE-2014-9786 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attack… | |||
| CVE-2014-9785 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via… | |||
| CVE-2014-9784 | high | 7.8 | 7.8 | 10y ago | Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted … | |||
| CVE-2014-9783 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to… | |||
| CVE-2014-9782 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parame… | |||
| CVE-2014-9781 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android … | |||
| CVE-2014-9780 | high | 7.8 | 7.8 | 10y ago | drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain pri… | |||
| CVE-2014-9779 | high | 7.8 | 7.8 | 10y ago | arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted … | |||
| CVE-2014-9778 | high | 7.8 | 7.8 | 10y ago | The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the numb… | |||
| CVE-2014-9777 | high | 7.8 | 7.8 | 10y ago | The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number … | |||
| CVE-2014-9904 | high | 7.8 | 7.8 | 10y ago | The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users … | |||
| CVE-2014-6451 | high | — | 7.8 | 11y ago | J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors. | |||
| CVE-2014-6450 | high | — | 7.8 | 11y ago | Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48… | |||
| CVE-2014-9744 | high | — | 7.8 | 11y ago | Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-20… | |||
| CVE-2014-8628 | high | — | 7.8 | 11y ago | Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this id… | |||
| CVE-2014-1972 | high | — | 7.8 | 11y ago | Apache Tapestry Unsafe Object Storage | |||
| CVE-2014-0230 | high | — | 7.8 | 11y ago | Uncontrolled Resource Consumption in Apache Tomcat | |||
| CVE-2014-9369 | high | — | 7.8 | 11y ago | Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. | |||
| CVE-2014-8892 | high | — | 7.8 | 11y ago | Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 … | |||
| CVE-2014-9402 | high | — | 7.8 | 11y ago | The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denia… | |||
| CVE-2014-6154 | high | — | 7.8 | 12y ago | Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on … | |||
| CVE-2014-9331 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add … | |||
| CVE-2014-8613 | high | — | 7.8 | 12y ago | The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a cr… | |||
| CVE-2014-7266 | high | — | 7.8 | 12y ago | Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigg… | |||
| CVE-2014-8008 | medium | — | 7.8 | 12y ago | Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full p… | |||
| CVE-2014-8478 | high | — | 7.8 | 12y ago | The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malfo… | |||
| CVE-2014-9598 | medium | — | 7.8 | 12y ago | The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted… | |||
| CVE-2014-9597 | medium | — | 7.8 | 12y ago | The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and applicatio… | |||
| CVE-2014-3018 | high | — | 7.8 | 12y ago | IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets. | |||
| CVE-2014-6386 | high | — | 7.8 | 12y ago | Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 bef… | |||
| CVE-2014-10019 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of admin… | |||
| CVE-2014-10014 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change … | |||
| CVE-2014-10008 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a craf… | |||
| CVE-2014-10001 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct … | |||
| CVE-2014-2598 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2014-9428 | high | — | 7.8 | 12y ago | The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of a… | |||
| CVE-2014-5359 | high | — | 7.8 | 12y ago | Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (do… | |||
| CVE-2014-9192 | high | — | 7.8 | 12y ago | Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (serv… | |||
| CVE-2014-8500 | high | — | 7.8 | 12y ago | ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and nam… | |||
| CVE-2014-9344 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a sub… | |||
| CVE-2014-9265 | medium | — | 7.8 | 12y ago | Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-7256 | high | — | 7.8 | 12y ago | The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62;… | |||
| CVE-2014-8773 | medium | — | 7.8 | 12y ago | MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF toke… | |||
| CVE-2014-8429 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests t… | |||
| CVE-2014-9101 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrator… | |||
| CVE-2014-9099 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspeci… | |||
| CVE-2014-8678 | high | — | 7.8 | 12y ago | The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile." | |||
| CVE-2014-5395 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.0… | |||
| CVE-2014-8953 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin … | |||
| CVE-2014-8948 | medium | — | 7.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2014-8369 | high | 7.8 | 7.8 | 12y ago | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to caus… | |||
| CVE-2014-7826 | high | 7.8 | 7.8 | 12y ago | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or ca… | |||
| CVE-2014-7825 | high | 7.8 | 7.8 | 12y ago | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of servi… | |||
| CVE-2014-8662 | high | — | 7.8 | 12y ago | Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. | |||
| CVE-2014-8654 | medium | — | 7.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attacke… |