CVEs from 2014
- Total: 7,862
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0064 | medium | — | 6.5 | 12y ago | Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remot… | |||
| CVE-2014-0063 | medium | — | 6.5 | 12y ago | Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a den… | |||
| CVE-2014-0061 | medium | — | 6.5 | 12y ago | The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated… | |||
| CVE-2014-0344 | medium | — | 6.5 | 12y ago | Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in con… | |||
| CVE-2014-2653 | medium | 6.5 | 6.5 | 12y ago | The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertific… | |||
| CVE-2014-0829 | medium | — | 6.5 | 12y ago | Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecifi… | |||
| CVE-2014-0132 | medium | — | 6.5 | 12y ago | The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SAS… | |||
| CVE-2014-0899 | medium | — | 6.5 | 12y ago | ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and m… | |||
| CVE-2014-2059 | medium | — | 6.5 | 12y ago | Jenkins directory traversal vulnerability | |||
| CVE-2014-0821 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vect… | |||
| CVE-2014-0372 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated use… | |||
| CVE-2014-5144 | medium | 5.4 | 6.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown. | |||
| CVE-2014-9201 | medium | — | 6.4 | 11y ago | Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapcha… | |||
| CVE-2014-8924 | medium | — | 6.4 | 11y ago | The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary … | |||
| CVE-2014-5409 | medium | — | 6.4 | 11y ago | The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier f… | |||
| CVE-2014-5286 | medium | — | 6.4 | 12y ago | The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1… | |||
| CVE-2014-0227 | medium | — | 6.4 | 12y ago | Improper Input Validation in Apache Tomcat | |||
| CVE-2014-9512 | medium | — | 6.4 | 12y ago | rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | |||
| CVE-2014-8268 | medium | — | 6.4 | 12y ago | QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. | |||
| CVE-2014-8370 | medium | — | 6.4 | 12y ago | VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial… | |||
| CVE-2014-6583 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. allows remote attackers to affect confidentiality… | |||
| CVE-2014-6581 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote … | |||
| CVE-2014-6572 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote atta… | |||
| CVE-2014-9575 | medium | — | 6.4 | 12y ago | VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in th… | |||
| CVE-2014-4637 | medium | — | 6.4 | 12y ago | Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified par… | |||
| CVE-2014-9447 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (… | |||
| CVE-2014-9372 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in… | |||
| CVE-2014-9358 | medium | — | 6.4 | 12y ago | Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation o… | |||
| CVE-2014-6255 | medium | — | 6.4 | 12y ago | Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from paramet… | |||
| CVE-2014-8489 | medium | — | 6.4 | 12y ago | Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via… | |||
| CVE-2014-9360 | medium | — | 6.4 | 12y ago | XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted reque… | |||
| CVE-2014-9351 | medium | — | 6.4 | 12y ago | engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors. | |||
| CVE-2014-3068 | medium | — | 6.4 | 12y ago | IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows at… | |||
| CVE-2014-9150 | medium | — | 6.4 | 12y ago | Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to file… | |||
| CVE-2014-7142 | medium | — | 6.4 | 12y ago | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | |||
| CVE-2014-7141 | medium | — | 6.4 | 12y ago | The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6… | |||
| CVE-2014-9038 | medium | — | 6.4 | 12y ago | wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring… | |||
| CVE-2014-7839 | medium | — | 6.4 | 12y ago | XML External Entity Reference in RESTEasy | |||
| CVE-2014-1424 | medium | — | 6.4 | 12y ago | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." | |||
| CVE-2014-7194 | medium | — | 6.4 | 12y ago | TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive … | |||
| CVE-2014-9022 | medium | — | 6.4 | 12y ago | The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a craf… | |||
| CVE-2014-8769 | medium | — | 6.4 | 12y ago | tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Dist… | |||
| CVE-2014-2684 | medium | — | 6.4 | 12y ago | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value i… | |||
| CVE-2014-2681 | medium | — | 6.4 | 12y ago | Several Zend Products Vulnerable to XXE and XEE attacks | |||
| CVE-2014-8566 | medium | — | 6.4 | 12y ago | The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflo… | |||
| CVE-2014-3500 | medium | — | 6.4 | 12y ago | Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. | |||
| CVE-2014-8582 | medium | — | 6.4 | 12y ago | FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | |||
| CVE-2014-3697 | medium | — | 6.4 | 12y ago | Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar ar… | |||
| CVE-2014-3694 | medium | — | 6.4 | 12y ago | The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of … | |||
| CVE-2014-2279 | medium | — | 6.4 | 12y ago | Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary… | |||
| CVE-2014-6553 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors … | |||
| CVE-2014-1577 | medium | — | 6.4 | 12y ago | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote … | |||
| CVE-2014-7284 | medium | — | 6.4 | 12y ago | The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initial… | |||
| CVE-2014-7185 | medium | — | 6.4 | 12y ago | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | |||
| CVE-2014-6292 | medium | — | 6.4 | 12y ago | TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users | |||
| CVE-2014-5319 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. | |||
| CVE-2014-5413 | medium | — | 6.4 | 12y ago | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryp… | |||
| CVE-2014-5412 | medium | — | 6.4 | 12y ago | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | |||
| CVE-2014-3172 | medium | — | 6.4 | 12y ago | The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attack… | |||
| CVE-2014-3170 | medium | — | 6.4 | 12y ago | extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog b… | |||
| CVE-2014-5120 | medium | — | 6.4 | 12y ago | gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via … | |||
| CVE-2014-5160 | medium | — | 6.4 | 12y ago | Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or dele… | |||
| CVE-2014-3895 | medium | — | 6.4 | 12y ago | The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and … | |||
| CVE-2014-4948 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (V… | |||
| CVE-2014-3159 | medium | — | 6.4 | 12y ago | The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly… | |||
| CVE-2014-4209 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. | |||
| CVE-2014-2493 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, and 12.1.2.0.0 allows remote attackers to affect confidentiality and availability via … | |||
| CVE-2014-2783 | medium | — | 6.4 | 12y ago | Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard … | |||
| CVE-2014-3308 | medium | — | 6.4 | 12y ago | Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka B… | |||
| CVE-2014-4507 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fe… | |||
| CVE-2014-3864 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header lin… | |||
| CVE-2014-3227 | medium | — | 6.4 | 12y ago | dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with no… | |||
| CVE-2014-1418 | medium | — | 6.4 | 12y ago | Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attacke… | |||
| CVE-2014-2993 | medium | — | 6.4 | 12y ago | The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted c… | |||
| CVE-2014-2992 | medium | — | 6.4 | 12y ago | The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer… | |||
| CVE-2014-0350 | medium | — | 6.4 | 12y ago | The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are r… | |||
| CVE-2014-2269 | medium | — | 6.4 | 12y ago | modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPa… | |||
| CVE-2014-1974 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary … | |||
| CVE-2014-0071 | medium | — | 6.4 | 12y ago | PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized co… | |||
| CVE-2014-2338 | medium | — | 6.4 | 12y ago | IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set… | |||
| CVE-2014-2439 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect confidentiality and integrity via unknown vectors … | |||
| CVE-2014-2409 | medium | — | 6.4 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. | |||
| CVE-2014-0138 | medium | — | 6.4 | 12y ago | The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, whic… | |||
| CVE-2014-0166 | medium | — | 6.4 | 12y ago | The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it e… | |||
| CVE-2014-1506 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a deni… | |||
| CVE-2014-0503 | medium | — | 6.4 | 12y ago | Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via u… | |||
| CVE-2014-2234 | medium | — | 6.4 | 12y ago | A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify ca… | |||
| CVE-2014-1885 | medium | — | 6.4 | 12y ago | The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-s… | |||
| CVE-2014-0675 | medium | — | 6.4 | 13y ago | The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote att… | |||
| CVE-2014-0807 | medium | — | 6.4 | 13y ago | data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors. | |||
| CVE-2014-9610 | medium | 5.3 | 6.3 | 9y ago | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user… | |||
| CVE-2014-8677 | medium | 5.3 | 6.3 | 9y ago | The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create a… | |||
| CVE-2014-8676 | medium | 5.3 | 6.3 | 9y ago | Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL pa… | |||
| CVE-2014-6541 | medium | — | 6.3 | 12y ago | Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affec… | |||
| CVE-2014-6465 | medium | — | 6.3 | 12y ago | Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via … | |||
| CVE-2014-3346 | medium | — | 6.3 | 12y ago | The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated … | |||
| CVE-2014-4199 | medium | — | 6.3 | 12y ago | vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. | |||
| CVE-2014-5455 | medium | 5.3 | 6.3 | 12y ago | Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a … | |||
| CVE-2014-2521 | medium | — | 6.3 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. | |||
| CVE-2014-2520 | medium | — | 6.3 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL inj… |