CVEs from 2014
- Total: 7,862
- critical: 837
- high: 1,288
- medium: 4,980
- low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2544 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.… | |||
| CVE-2014-1729 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unkn… | |||
| CVE-2014-1728 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-1727 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecifie… | |||
| CVE-2014-1724 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) … | |||
| CVE-2014-1723 | high | — | 7.5 | 12y ago | The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes i… | |||
| CVE-2014-1722 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remot… | |||
| CVE-2014-1721 | high | — | 7.5 | 12y ago | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly h… | |||
| CVE-2014-1720 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a… | |||
| CVE-2014-1719 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.184… | |||
| CVE-2014-1718 | high | — | 7.5 | 12y ago | Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allow… | |||
| CVE-2014-1717 | high | — | 7.5 | 12y ago | Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bound… | |||
| CVE-2014-1716 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary we… | |||
| CVE-2014-2543 | high | — | 7.5 | 12y ago | Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messa… | |||
| CVE-2014-2210 | high | — | 7.5 | 12y ago | Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or poss… | |||
| CVE-2014-0592 | high | — | 7.5 | 12y ago | Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass secur… | |||
| CVE-2014-0635 | high | — | 7.5 | 12y ago | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-2034 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." | |||
| CVE-2014-1645 | high | — | 7.5 | 12y ago | SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspe… | |||
| CVE-2014-1644 | high | — | 7.5 | 12y ago | The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providin… | |||
| CVE-2014-0880 | high | — | 7.5 | 12y ago | IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CL… | |||
| CVE-2014-0133 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. | |||
| CVE-2014-2587 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka us… | |||
| CVE-2014-0003 | high | — | 7.5 | 12y ago | Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods | |||
| CVE-2014-0002 | high | — | 7.5 | 12y ago | Apache Camel's XSLT component allows remote attackers to read arbitrary files | |||
| CVE-2014-1609 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in … | |||
| CVE-2014-2339 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) cont… | |||
| CVE-2014-1505 | high | 7.5 | 7.5 | 12y ago | The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement… | |||
| CVE-2014-1608 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in … | |||
| CVE-2014-0057 | high | — | 7.5 | 12y ago | The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unsp… | |||
| CVE-2014-1715 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. | |||
| CVE-2014-1714 | high | — | 7.5 | 12y ago | The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does n… | |||
| CVE-2014-1713 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before … | |||
| CVE-2014-1711 | high | — | 7.5 | 12y ago | The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown … | |||
| CVE-2014-1710 | high | — | 7.5 | 12y ago | The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain… | |||
| CVE-2014-1707 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. | |||
| CVE-2014-1706 | high | — | 7.5 | 12y ago | crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors. | |||
| CVE-2014-1705 | high | — | 7.5 | 12y ago | Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly ha… | |||
| CVE-2014-1703 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome befor… | |||
| CVE-2014-1702 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome befo… | |||
| CVE-2014-1700 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspe… | |||
| CVE-2014-0895 | high | — | 7.5 | 12y ago | Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList pr… | |||
| CVE-2014-2043 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parame… | |||
| CVE-2014-2240 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary co… | |||
| CVE-2014-2311 | high | — | 7.5 | 12y ago | SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-2318 | high | — | 7.5 | 12y ago | SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||
| CVE-2014-2322 | high | — | 7.5 | 12y ago | Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters | |||
| CVE-2014-2316 | high | — | 7.5 | 12y ago | SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php.… | |||
| CVE-2014-2238 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via… | |||
| CVE-2014-1939 | high | — | 7.5 | 12y ago | java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute ar… | |||
| CVE-2014-1884 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso… | |||
| CVE-2014-1883 | high | — | 7.5 | 12y ago | Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resour… | |||
| CVE-2014-1882 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that … | |||
| CVE-2014-1881 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that … | |||
| CVE-2014-2088 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFile… | |||
| CVE-2014-1262 | high | — | 7.5 | 12y ago | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. | |||
| CVE-2014-1261 | high | — | 7.5 | 12y ago | Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | |||
| CVE-2014-1256 | high | — | 7.5 | 12y ago | Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||
| CVE-2014-1255 | high | — | 7.5 | 12y ago | Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach mes… | |||
| CVE-2014-0818 | high | — | 7.5 | 13y ago | Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path. | |||
| CVE-2014-0734 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execu… | |||
| CVE-2014-1921 | high | — | 7.5 | 13y ago | parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors. | |||
| CVE-2014-0729 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a craf… | |||
| CVE-2014-0728 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted UR… | |||
| CVE-2014-0727 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via… | |||
| CVE-2014-0726 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands vi… | |||
| CVE-2014-1459 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NO… | |||
| CVE-2014-1401 | medium | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLI… | |||
| CVE-2014-0045 | high | — | 7.5 | 13y ago | The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b26… | |||
| CVE-2014-1697 | high | — | 7.5 | 13y ago | The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. | |||
| CVE-2014-1487 | high | 7.5 | 7.5 | 13y ago | The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Polic… | |||
| CVE-2014-1485 | high | — | 7.5 | 13y ago | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directiv… | |||
| CVE-2014-1481 | high | 7.5 | 7.5 | 13y ago | Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging in… | |||
| CVE-2014-1479 | high | 7.5 | 7.5 | 13y ago | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operatio… | |||
| CVE-2014-1471 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows… | |||
| CVE-2014-0001 | high | — | 7.5 | 13y ago | Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server … | |||
| CVE-2014-0838 | high | — | 7.5 | 13y ago | The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server. | |||
| CVE-2014-0810 | high | — | 7.5 | 13y ago | Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attacke… | |||
| CVE-2014-1671 | medium | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress elem… | |||
| CVE-2014-1475 | high | — | 7.5 | 13y ago | The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. | |||
| CVE-2014-1252 | high | — | 7.5 | 13y ago | Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft W… | |||
| CVE-2014-0792 | high | — | 7.5 | 13y ago | Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types. | |||
| CVE-2014-1466 | high | — | 7.5 | 13y ago | SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | |||
| CVE-2014-0424 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2014-0373 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servic… | |||
| CVE-2014-0752 | high | — | 7.5 | 13y ago | The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | |||
| CVE-2014-1836 | medium | — | 7.4 | 11y ago | ImpressCMS Path Traversal to Arbitrary File Delete | |||
| CVE-2014-100015 | medium | — | 7.4 | 12y ago | Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | |||
| CVE-2014-9301 | medium | — | 7.4 | 12y ago | Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port… | |||
| CVE-2014-6036 | medium | — | 7.4 | 12y ago | Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or re… | |||
| CVE-2014-8598 | medium | — | 7.4 | 12y ago | The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via th… | |||
| CVE-2014-8305 | medium | — | 7.4 | 12y ago | Open redirect vulnerability in the redir function in includes/function.php in C97net Cart Engine before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |||
| CVE-2014-4962 | medium | — | 7.4 | 12y ago | Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be sub… | |||
| CVE-2014-3969 | high | — | 7.4 | 12y ago | Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. | |||
| CVE-2014-3865 | medium | — | 7.4 | 12y ago | Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pse… | |||
| CVE-2014-2922 | medium | — | 7.4 | 12y ago | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all… | |||
| CVE-2014-0049 | high | — | 7.4 | 12y ago | Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that… | |||
| CVE-2014-1907 | medium | — | 7.4 | 12y ago | Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in… | |||
| CVE-2014-1266 | high | 7.4 | 7.4 | 13y ago | The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6… | |||
| CVE-2014-0691 | high | 7.3 | 7.3 | 9y ago | Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, … |