CVEs from 2014
Total
7,862
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8775 | medium | — | 6.0 | 12y ago | MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive informat… | |||
| CVE-2014-9181 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote auth… | |||
| CVE-2014-7816 | medium | — | 6.0 | 12y ago | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow | |||
| CVE-2014-8801 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUER… | |||
| CVE-2014-8799 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (do… | |||
| CVE-2014-9034 | medium | — | 6.0 | 12y ago | wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long … | |||
| CVE-2014-9016 | medium | — | 6.0 | 12y ago | The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m… | |||
| CVE-2014-8768 | medium | — | 6.0 | 12y ago | Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a… | |||
| CVE-2014-8493 | medium | — | 6.0 | 12y ago | ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. | |||
| CVE-2014-8995 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | |||
| CVE-2014-7992 | medium | — | 6.0 | 12y ago | The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, a… | |||
| CVE-2014-2268 | medium | — | 6.0 | 12y ago | views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the … | |||
| CVE-2014-8555 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | |||
| CVE-2014-8652 | medium | — | 6.0 | 12y ago | Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681. | |||
| CVE-2014-8657 | medium | — | 6.0 | 12y ago | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via … | |||
| CVE-2014-8655 | medium | — | 6.0 | 12y ago | The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via a… | |||
| CVE-2014-0995 | medium | — | 6.0 | 12y ago | The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the… | |||
| CVE-2014-4311 | medium | — | 6.0 | 12y ago | Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection a… | |||
| CVE-2014-4839 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 … | |||
| CVE-2014-6251 | medium | — | 6.0 | 12y ago | Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overf… | |||
| CVE-2014-5094 | medium | — | 6.0 | 12y ago | Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function. | |||
| CVE-2014-6308 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. | |||
| CVE-2014-8313 | medium | — | 6.0 | 12y ago | Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | |||
| CVE-2014-3663 | medium | — | 6.0 | 12y ago | Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs | |||
| CVE-2014-6483 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unkn… | |||
| CVE-2014-3593 | medium | — | 6.0 | 12y ago | Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | |||
| CVE-2014-5300 | medium | — | 6.0 | 12y ago | Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. | |||
| CVE-2014-2641 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vec… | |||
| CVE-2014-4816 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before … | |||
| CVE-2014-2009 | medium | — | 6.0 | 12y ago | The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | |||
| CVE-2014-4785 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote au… | |||
| CVE-2014-3037 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Softwar… | |||
| CVE-2014-4863 | medium | — | 6.0 | 12y ago | The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP reque… | |||
| CVE-2014-5377 | medium | — | 6.0 | 12y ago | ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | |||
| CVE-2014-5465 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file… | |||
| CVE-2014-5337 | medium | — | 6.0 | 12y ago | The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exporta… | |||
| CVE-2014-3024 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2… | |||
| CVE-2014-3040 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.… | |||
| CVE-2014-5454 | medium | — | 6.0 | 12y ago | Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte… | |||
| CVE-2014-5368 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows re… | |||
| CVE-2014-5350 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/… | |||
| CVE-2014-5349 | medium | — | 6.0 | 12y ago | Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. | |||
| CVE-2014-5266 | medium | — | 6.0 | 12y ago | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote atta… | |||
| CVE-2014-5185 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edi… | |||
| CVE-2014-5182 | medium | — | 6.0 | 12y ago | Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) … | |||
| CVE-2014-5176 | medium | — | 6.0 | 12y ago | SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2014-0948 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code v… | |||
| CVE-2014-0947 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site. | |||
| CVE-2014-5116 | medium | — | 6.0 | 12y ago | The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. | |||
| CVE-2014-5115 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. | |||
| CVE-2014-3552 | medium | — | 6.0 | 12y ago | The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remo… | |||
| CVE-2014-3545 | medium | — | 6.0 | 12y ago | Moodle remote code execution via quiz questions | |||
| CVE-2014-5111 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/aster… | |||
| CVE-2014-4684 | medium | — | 6.0 | 12y ago | The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||
| CVE-2014-4154 | medium | — | 6.0 | 12y ago | ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA passwo… | |||
| CVE-2014-3427 | medium | — | 6.0 | 12y ago | CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model paramete… | |||
| CVE-2014-4940 | medium | — | 6.0 | 12y ago | Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/… | |||
| CVE-2014-4937 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2014-4643 | medium | — | 6.0 | 12y ago | Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a lo… | |||
| CVE-2014-4306 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. | |||
| CVE-2014-3782 | medium | — | 6.0 | 12y ago | Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by … | |||
| CVE-2014-3048 | medium | — | 6.0 | 12y ago | Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. | |||
| CVE-2014-0929 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for … | |||
| CVE-2014-0961 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows re… | |||
| CVE-2014-3976 | medium | — | 6.0 | 12y ago | Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute ar… | |||
| CVE-2014-3975 | medium | — | 6.0 | 12y ago | Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. | |||
| CVE-2014-3942 | medium | — | 6.0 | 12y ago | TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code | |||
| CVE-2014-2354 | medium | — | 6.0 | 12y ago | Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||
| CVE-2014-0849 | medium | — | 6.0 | 12y ago | IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging memb… | |||
| CVE-2014-3272 | medium | — | 6.0 | 12y ago | The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074. | |||
| CVE-2014-3848 | medium | — | 6.0 | 12y ago | The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. | |||
| CVE-2014-3783 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categori… | |||
| CVE-2014-3806 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. | |||
| CVE-2014-0944 | medium | — | 6.0 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows… | |||
| CVE-2014-1989 | medium | — | 6.0 | 12y ago | Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | |||
| CVE-2014-1843 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Propert… | |||
| CVE-2014-1842 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar … | |||
| CVE-2014-1841 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot… | |||
| CVE-2014-0162 | medium | — | 6.0 | 12y ago | OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability | |||
| CVE-2014-2976 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081. | |||
| CVE-2014-2455 | medium | — | 6.0 | 12y ago | Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via … | |||
| CVE-2014-0167 | medium | — | 6.0 | 12y ago | The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, … | |||
| CVE-2014-0105 | medium | — | 6.0 | 12y ago | The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authen… | |||
| CVE-2014-0908 | medium | — | 6.0 | 12y ago | The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access … | |||
| CVE-2014-0634 | medium | — | 6.0 | 12y ago | EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen… | |||
| CVE-2014-2668 | medium | — | 6.0 | 12y ago | Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | |||
| CVE-2014-0094 | medium | — | 6.0 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-2245 | medium | — | 6.0 | 12y ago | SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the … | |||
| CVE-2014-0686 | medium | — | 6.0 | 13y ago | Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul2490… | |||
| CVE-2014-1664 | medium | — | 6.0 | 13y ago | The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens … | |||
| CVE-2014-1637 | medium | — | 6.0 | 13y ago | Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request. | |||
| CVE-2014-2845 | medium | 5.9 | 5.9 | 9y ago | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root … | |||
| CVE-2014-7242 | medium | 5.9 | 5.9 | 9y ago | The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to s… | |||
| CVE-2014-3706 | medium | 5.9 | 5.9 | 9y ago | ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||
| CVE-2014-2903 | medium | 5.9 | 5.9 | 9y ago | CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | |||
| CVE-2014-9686 | medium | 5.9 | 5.9 | 9y ago | The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_goog… | |||
| CVE-2014-8878 | medium | 5.9 | 5.9 | 9y ago | KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2014-4616 | medium | 5.9 | 5.9 | 9y ago | simplejson before 2.6.1 vulnerable to array index error | |||
| CVE-2014-9920 | medium | 5.9 | 5.9 | 9y ago | Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 befor… | |||
| CVE-2014-9754 | medium | 5.9 | 5.9 | 10y ago | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before… |