CVEs from 2014
Total
7,864
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6480 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vecto… | |||
| CVE-2014-7814 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | |||
| CVE-2014-9595 | medium | — | 6.5 | 12y ago | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… | |||
| CVE-2014-9594 | medium | — | 6.5 | 12y ago | Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspeci… | |||
| CVE-2014-8027 | medium | — | 6.5 | 12y ago | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via … | |||
| CVE-2014-9442 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a … | |||
| CVE-2014-9185 | medium | — | 6.5 | 12y ago | Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter. | |||
| CVE-2014-6080 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users… | |||
| CVE-2014-4844 | medium | — | 6.5 | 12y ago | The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access… | |||
| CVE-2014-8248 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. | |||
| CVE-2014-8010 | medium | — | 6.5 | 12y ago | The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. | |||
| CVE-2014-8103 | medium | — | 6.5 | 12y ago | X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitra… | |||
| CVE-2014-8102 | medium | — | 6.5 | 12y ago | The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authe… | |||
| CVE-2014-8101 | medium | — | 6.5 | 12y ago | The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of… | |||
| CVE-2014-8100 | medium | — | 6.5 | 12y ago | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial o… | |||
| CVE-2014-8099 | medium | — | 6.5 | 12y ago | The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial o… | |||
| CVE-2014-8098 | medium | — | 6.5 | 12y ago | The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of ser… | |||
| CVE-2014-8097 | medium | — | 6.5 | 12y ago | The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-b… | |||
| CVE-2014-8096 | medium | — | 6.5 | 12y ago | The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated us… | |||
| CVE-2014-8095 | medium | — | 6.5 | 12y ago | The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-… | |||
| CVE-2014-8094 | medium | — | 6.5 | 12y ago | Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a… | |||
| CVE-2014-8093 | medium | — | 6.5 | 12y ago | Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated u… | |||
| CVE-2014-8092 | medium | — | 6.5 | 12y ago | Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (cr… | |||
| CVE-2014-8789 | medium | — | 6.5 | 12y ago | GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled durin… | |||
| CVE-2014-8959 | medium | — | 6.5 | 12y ago | Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authentica… | |||
| CVE-2014-9102 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, a… | |||
| CVE-2014-8558 | medium | — | 6.5 | 12y ago | JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. | |||
| CVE-2014-8417 | medium | — | 6.5 | 12y ago | ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vecto… | |||
| CVE-2014-7871 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API c… | |||
| CVE-2014-7137 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2)… | |||
| CVE-2014-8999 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | |||
| CVE-2014-0233 | medium | — | 6.5 | 12y ago | Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartr… | |||
| CVE-2014-7959 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the t… | |||
| CVE-2014-5387 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] paramet… | |||
| CVE-2014-0204 | medium | — | 6.5 | 12y ago | OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges th… | |||
| CVE-2014-8334 | medium | — | 6.5 | 12y ago | The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka … | |||
| CVE-2014-3366 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka… | |||
| CVE-2014-8531 | medium | — | 6.5 | 12y ago | The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified… | |||
| CVE-2014-4808 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authe… | |||
| CVE-2014-3520 | medium | — | 6.5 | 12y ago | OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has … | |||
| CVE-2014-4833 | medium | — | 6.5 | 12y ago | IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. | |||
| CVE-2014-3573 | medium | — | 6.5 | 12y ago | The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or… | |||
| CVE-2014-6283 | medium | — | 6.5 | 12y ago | SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (… | |||
| CVE-2014-2062 | medium | — | 6.5 | 12y ago | Jenkins does not invalidate the API token when a user is deleted | |||
| CVE-2014-2058 | medium | — | 6.5 | 12y ago | Jenkins allows attackers to execute arbitrary jobs | |||
| CVE-2014-6555 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related… | |||
| CVE-2014-6537 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6530 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2014-8750 | medium | — | 6.5 | 12y ago | Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance tha… | |||
| CVE-2014-3642 | medium | — | 6.5 | 12y ago | vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, … | |||
| CVE-2014-2643 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-4793 | medium | — | 6.5 | 12y ago | IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticat… | |||
| CVE-2014-6055 | medium | — | 6.5 | 12y ago | Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly … | |||
| CVE-2014-5324 | medium | — | 6.5 | 12y ago | Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to … | |||
| CVE-2014-4824 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-2378 | medium | — | 6.5 | 12y ago | Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code… | |||
| CVE-2014-6252 | medium | — | 6.5 | 12y ago | Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbi… | |||
| CVE-2014-3041 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows re… | |||
| CVE-2014-4767 | medium | — | 6.5 | 12y ago | IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute a… | |||
| CVE-2014-2517 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-0966 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Produc… | |||
| CVE-2014-3339 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to ex… | |||
| CVE-2014-3336 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSC… | |||
| CVE-2014-5186 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in … | |||
| CVE-2014-5184 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story par… | |||
| CVE-2014-5183 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL com… | |||
| CVE-2014-3326 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup269… | |||
| CVE-2014-3043 | medium | — | 6.5 | 12y ago | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. | |||
| CVE-2014-2365 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. | |||
| CVE-2014-4258 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availabil… | |||
| CVE-2014-4236 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unkn… | |||
| CVE-2014-2484 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related… | |||
| CVE-2014-3480 | medium | 6.5 | 6.5 | 12y ago | The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows r… | |||
| CVE-2014-3478 | medium | 6.5 | 6.5 | 12y ago | Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial … | |||
| CVE-2014-0207 | medium | 6.5 | 6.5 | 12y ago | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (… | |||
| CVE-2014-4649 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] fi… | |||
| CVE-2014-3810 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter… | |||
| CVE-2014-2949 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-4046 | medium | — | 6.5 | 12y ago | Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMo… | |||
| CVE-2014-3417 | medium | — | 6.5 | 12y ago | uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. | |||
| CVE-2014-3416 | medium | — | 6.5 | 12y ago | uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm… | |||
| CVE-2014-3275 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted … | |||
| CVE-2014-2948 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | |||
| CVE-2014-3453 | medium | — | 6.5 | 12y ago | Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrato… | |||
| CVE-2014-0137 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitr… | |||
| CVE-2014-2602 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-2558 | medium | — | 6.5 | 12y ago | The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting field… | |||
| CVE-2014-2565 | medium | — | 6.5 | 12y ago | The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injecti… | |||
| CVE-2014-1957 | medium | — | 6.5 | 12y ago | FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2014-1523 | medium | 6.5 | 6.5 | 12y ago | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a… | |||
| CVE-2014-2328 | medium | — | 6.5 | 12y ago | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||
| CVE-2014-2654 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adu… | |||
| CVE-2014-0111 | medium | — | 6.5 | 12y ago | Apache Syncope JEXL Code Injection | |||
| CVE-2014-2444 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB. | |||
| CVE-2014-2436 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related… | |||
| CVE-2014-2411 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affec… | |||
| CVE-2014-2862 | medium | — | 6.5 | 12y ago | PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors. | |||
| CVE-2014-2655 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands v… | |||
| CVE-2014-2669 | medium | — | 6.5 | 12y ago | Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have un… | |||
| CVE-2014-0065 | medium | — | 6.5 | 12y ago | Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact… |