CVEs from 2014
- Total 7,862
- critical 837
- high 1,288
- medium 4,980
- low 583
- % Critical 10.6%
- % with KEV 0.4%
- % with exploit 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1959 | medium | — | 5.8 | 12y ago | lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging … | |||
| CVE-2014-0092 | medium | — | 5.8 | 12y ago | lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attack… | |||
| CVE-2014-2243 | medium | — | 5.8 | 12y ago | includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which m… | |||
| CVE-2014-1967 | medium | — | 5.8 | 12y ago | The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a … | |||
| CVE-2014-1910 | medium | — | 5.8 | 13y ago | Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2014-1242 | medium | — | 5.8 | 13y ago | Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. | |||
| CVE-2014-0671 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. | |||
| CVE-2014-1452 | medium | — | 5.8 | 13y ago | Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code … | |||
| CVE-2014-0403 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE… | |||
| CVE-2014-0375 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE… | |||
| CVE-2014-0805 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attack… | |||
| CVE-2014-0804 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to … | |||
| CVE-2014-0803 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 a… | |||
| CVE-2014-0802 | medium | — | 5.8 | 13y ago | Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create… | |||
| CVE-2014-1405 | medium | — | 5.8 | 13y ago | Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2014-3321 | medium | — | 5.7 | 12y ago | Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a seri… | |||
| CVE-2014-3291 | medium | — | 5.7 | 12y ago | Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data … | |||
| CVE-2014-8612 | medium | — | 5.6 | 12y ago | Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privi… | |||
| CVE-2014-4364 | medium | 5.6 | 5.6 | 12y ago | The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication… | |||
| CVE-2014-1213 | medium | — | 5.6 | 13y ago | Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, whi… | |||
| CVE-2014-4978 | medium | 5.5 | 5.5 | 9y ago | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-gr… | |||
| CVE-2014-0219 | medium | 5.5 | 5.5 | 9y ago | Improper Input Validation in Apache Karaf | |||
| CVE-2014-9637 | medium | 5.5 | 5.5 | 9y ago | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | |||
| CVE-2014-0146 | medium | 5.5 | 5.5 | 9y ago | The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an… | |||
| CVE-2014-0142 | medium | 5.5 | 5.5 | 9y ago | QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallel… | |||
| CVE-2014-8180 | medium | 5.5 | 5.5 | 9y ago | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | |||
| CVE-2014-9951 | medium | 5.5 | 5.5 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | |||
| CVE-2014-9947 | medium | 5.5 | 5.5 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | |||
| CVE-2014-9983 | medium | 5.5 | 5.5 | 9y ago | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files v… | |||
| CVE-2014-8562 | medium | 5.5 | 5.5 | 9y ago | DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2014-8355 | medium | 5.5 | 5.5 | 9y ago | PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). | |||
| CVE-2014-9818 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. | |||
| CVE-2014-9816 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. | |||
| CVE-2014-9815 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. | |||
| CVE-2014-9814 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. | |||
| CVE-2014-9813 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | |||
| CVE-2014-9812 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. | |||
| CVE-2014-9811 | medium | 5.5 | 5.5 | 9y ago | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. | |||
| CVE-2014-9810 | medium | 5.5 | 5.5 | 9y ago | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | |||
| CVE-2014-9809 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. | |||
| CVE-2014-9808 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. | |||
| CVE-2014-9807 | medium | 5.5 | 5.5 | 9y ago | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. | |||
| CVE-2014-9806 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. | |||
| CVE-2014-9805 | medium | 5.5 | 5.5 | 9y ago | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | |||
| CVE-2014-9915 | medium | 5.5 | 5.5 | 9y ago | Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. | |||
| CVE-2014-9840 | medium | 5.5 | 5.5 | 9y ago | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | |||
| CVE-2014-9838 | medium | 5.5 | 5.5 | 9y ago | magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | |||
| CVE-2014-9836 | medium | 5.5 | 5.5 | 9y ago | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | |||
| CVE-2014-9845 | medium | 5.5 | 5.5 | 9y ago | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | |||
| CVE-2014-9844 | medium | 5.5 | 5.5 | 9y ago | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||
| CVE-2014-9853 | medium | 5.5 | 5.5 | 9y ago | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||
| CVE-2014-9645 | medium | 5.5 | 5.5 | 9y ago | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demo… | |||
| CVE-2014-9900 | medium | 5.5 | 5.5 | 10y ago | The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure,… | |||
| CVE-2014-9899 | medium | 5.5 | 5.5 | 10y ago | drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensit… | |||
| CVE-2014-9898 | medium | 5.5 | 5.5 | 10y ago | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers … | |||
| CVE-2014-9897 | medium | 5.5 | 5.5 | 10y ago | sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive… | |||
| CVE-2014-9896 | medium | 5.5 | 5.5 | 10y ago | drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtai… | |||
| CVE-2014-9895 | medium | 5.5 | 5.5 | 10y ago | drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows … | |||
| CVE-2014-9894 | medium | 5.5 | 5.5 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to o… | |||
| CVE-2014-9893 | medium | 5.5 | 5.5 | 10y ago | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtai… | |||
| CVE-2014-9892 | medium | 5.5 | 5.5 | 10y ago | The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a ti… | |||
| CVE-2014-9798 | medium | 5.5 | 5.5 | 10y ago | platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows atta… | |||
| CVE-2014-9903 | medium | 5.5 | 5.5 | 10y ago | The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memo… | |||
| CVE-2014-2332 | medium | — | 5.5 | 11y ago | Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOT… | |||
| CVE-2014-6129 | medium | — | 5.5 | 11y ago | IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.… | |||
| CVE-2014-7882 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-6586 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r… | |||
| CVE-2014-6576 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidenti… | |||
| CVE-2014-9493 | medium | — | 5.5 | 12y ago | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR… | |||
| CVE-2014-6122 | medium | — | 5.5 | 12y ago | IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows… | |||
| CVE-2014-9363 | medium | — | 5.5 | 12y ago | Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary we… | |||
| CVE-2014-7837 | medium | — | 5.5 | 12y ago | Moodle allows attackers to remove wiki pages | |||
| CVE-2014-9023 | medium | — | 5.5 | 12y ago | The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tok… | |||
| CVE-2014-8559 | medium | 5.5 | 5.5 | 12y ago | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and syst… | |||
| CVE-2014-3690 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allow… | |||
| CVE-2014-3647 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a c… | |||
| CVE-2014-3646 | medium | 5.5 | 5.5 | 12y ago | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest O… | |||
| CVE-2014-3610 | medium | 5.5 | 5.5 | 12y ago | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows g… | |||
| CVE-2014-6032 | medium | — | 5.5 | 12y ago | Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.… | |||
| CVE-2014-6554 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknow… | |||
| CVE-2014-6489 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. | |||
| CVE-2014-7975 | medium | 5.5 | 5.5 | 12y ago | The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which all… | |||
| CVE-2014-7970 | medium | 5.5 | 5.5 | 12y ago | The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of… | |||
| CVE-2014-3399 | medium | — | 5.5 | 12y ago | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows… | |||
| CVE-2014-3521 | medium | — | 5.5 | 12y ago | The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. | |||
| CVE-2014-4373 | medium | 5.5 | 5.5 | 12y ago | The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart… | |||
| CVE-2014-4806 | medium | 5.5 | 5.5 | 12y ago | The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux place… | |||
| CVE-2014-3464 | medium | — | 5.5 | 12y ago | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbo… | |||
| CVE-2014-4260 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors … | |||
| CVE-2014-4229 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect … | |||
| CVE-2014-2496 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity v… | |||
| CVE-2014-2482 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity… | |||
| CVE-2014-2456 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiali… | |||
| CVE-2014-4976 | medium | — | 5.5 | 12y ago | Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | |||
| CVE-2014-3317 | medium | — | 5.5 | 12y ago | Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete ar… | |||
| CVE-2014-3088 | medium | — | 5.5 | 12y ago | stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to… | |||
| CVE-2014-1383 | medium | — | 5.5 | 12y ago | Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. | |||
| CVE-2014-0203 | medium | 5.5 | 5.5 | 12y ago | The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause… | |||
| CVE-2014-3292 | medium | — | 5.5 | 12y ago | The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL,… | |||
| CVE-2014-3968 | medium | — | 5.5 | 12y ago | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an e… |