CVEs from 2014
- Total: 7,865
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0294 | critical | — | 10.0 | 13y ago | Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerabil… | |||
| CVE-2014-0257 | critical | — | 10.0 | 13y ago | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrar… | |||
| CVE-2014-0980 | critical | — | 10.0 | 13y ago | Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file. | |||
| CVE-2014-1488 | critical | — | 10.0 | 13y ago | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that ha… | |||
| CVE-2014-1478 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and applicat… | |||
| CVE-2014-0329 | critical | — | 10.0 | 13y ago | The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging k… | |||
| CVE-2014-1681 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researc… | |||
| CVE-2014-1202 | critical | — | 10.0 | 13y ago | Code injection via property expansion in SoapUI | |||
| CVE-2014-0494 | critical | — | 10.0 | 13y ago | Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2014-0650 | critical | — | 10.0 | 13y ago | The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID… | |||
| CVE-2014-0648 | critical | — | 10.0 | 13y ago | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administr… | |||
| CVE-2014-0495 | critical | — | 10.0 | 13y ago | Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified … | |||
| CVE-2014-0493 | critical | — | 10.0 | 13y ago | Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified … | |||
| CVE-2014-0492 | critical | — | 10.0 | 13y ago | Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, a… | |||
| CVE-2014-0491 | critical | — | 10.0 | 13y ago | Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, a… | |||
| CVE-2014-1201 | critical | — | 10.0 | 13y ago | Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series… | |||
| CVE-2014-0428 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors rel… | |||
| CVE-2014-0422 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors rel… | |||
| CVE-2014-0415 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2014-0410 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2014-0659 | critical | — | 10.0 | 13y ago | The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote… | |||
| CVE-2014-1236 | critical | — | 10.0 | 13y ago | Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "lon… | |||
| CVE-2014-125112 | critical | 9.8 | 9.8 | 2mo ago | Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows … | |||
| CVE-2014-9515 | critical | 9.8 | 9.8 | 9y ago | Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. | |||
| CVE-2014-3630 | critical | 9.8 | 9.8 | 9y ago | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of se… | |||
| CVE-2014-0121 | critical | 9.8 | 9.8 | 9y ago | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | |||
| CVE-2014-4914 | critical | 9.8 | 9.8 | 9y ago | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||
| CVE-2014-8389 | critical | 9.8 | 9.8 | 9y ago | cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with… | |||
| CVE-2014-0073 | critical | 9.8 | 9.8 | 9y ago | The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 throug… | |||
| CVE-2014-3624 | critical | 9.8 | 9.8 | 9y ago | Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | |||
| CVE-2014-3600 | critical | 9.8 | 9.8 | 9y ago | Improper Restriction of XML External Entity Reference in Apache ActiveMQ | |||
| CVE-2014-3579 | critical | 9.8 | 9.8 | 9y ago | Apache ActiveMQ Apollo XXE Vulnerability | |||
| CVE-2014-1203 | critical | 9.8 | 9.8 | 9y ago | The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_se… | |||
| CVE-2014-3741 | critical | 9.8 | 9.8 | 9y ago | Potential Command Injection in printer | |||
| CVE-2014-9733 | critical | 9.8 | 9.8 | 9y ago | nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2014-9487 | critical | 9.8 | 9.8 | 9y ago | The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Externa… | |||
| CVE-2014-8621 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | |||
| CVE-2014-9474 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. | |||
| CVE-2014-8174 | critical | 9.8 | 9.8 | 9y ago | eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. | |||
| CVE-2014-9513 | critical | 9.8 | 9.8 | 9y ago | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | |||
| CVE-2014-8428 | critical | 9.8 | 9.8 | 9y ago | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | |||
| CVE-2014-8426 | critical | 9.8 | 9.8 | 9y ago | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | |||
| CVE-2014-7859 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows … | |||
| CVE-2014-7858 | critical | 9.8 | 9.8 | 9y ago | The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||
| CVE-2014-7857 | critical | 9.8 | 9.8 | 9y ago | D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass … | |||
| CVE-2014-9981 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. | |||
| CVE-2014-9980 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. | |||
| CVE-2014-9979 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. | |||
| CVE-2014-9978 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. | |||
| CVE-2014-9977 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. | |||
| CVE-2014-9976 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | |||
| CVE-2014-9975 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | |||
| CVE-2014-9974 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. | |||
| CVE-2014-9973 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. | |||
| CVE-2014-9972 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. | |||
| CVE-2014-9971 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. | |||
| CVE-2014-9969 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | |||
| CVE-2014-9968 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. | |||
| CVE-2014-9411 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | |||
| CVE-2014-9984 | critical | 9.8 | 9.8 | 9y ago | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon cras… | |||
| CVE-2014-3527 | critical | 9.8 | 9.8 | 9y ago | Authorization Bypass in Spring Security | |||
| CVE-2014-9654 | critical | 9.8 | 9.8 | 9y ago | The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring tha… | |||
| CVE-2014-7921 | critical | 9.8 | 9.8 | 9y ago | mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | |||
| CVE-2014-7920 | critical | 9.8 | 9.8 | 9y ago | mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. | |||
| CVE-2014-3928 | critical | 9.8 | 9.8 | 9y ago | Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. | |||
| CVE-2014-3927 | critical | 9.8 | 9.8 | 9y ago | mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||
| CVE-2014-9693 | critical | 9.8 | 9.8 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |||
| CVE-2014-5009 | critical | 9.8 | 9.8 | 9y ago | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | |||
| CVE-2014-5008 | critical | 9.8 | 9.8 | 9y ago | Snoopy allows remote attackers to execute arbitrary commands. | |||
| CVE-2014-9826 | critical | 9.8 | 9.8 | 9y ago | ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. | |||
| CVE-2014-3582 | critical | 9.8 | 9.8 | 9y ago | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||
| CVE-2014-6440 | critical | 9.8 | 9.8 | 9y ago | VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | |||
| CVE-2014-8731 | critical | 9.8 | 9.8 | 9y ago | PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in… | |||
| CVE-2014-9939 | critical | 9.8 | 9.8 | 9y ago | ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. | |||
| CVE-2014-9847 | critical | 9.8 | 9.8 | 9y ago | The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | |||
| CVE-2014-9846 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | |||
| CVE-2014-9843 | critical | 9.8 | 9.8 | 9y ago | The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2014-9841 | critical | 9.8 | 9.8 | 9y ago | The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." | |||
| CVE-2014-9852 | critical | 9.8 | 9.8 | 9y ago | distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. | |||
| CVE-2014-8708 | critical | 9.8 | 9.8 | 9y ago | Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. | |||
| CVE-2014-8705 | critical | 9.8 | 9.8 | 9y ago | PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | |||
| CVE-2014-8704 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. | |||
| CVE-2014-9921 | critical | 9.8 | 9.8 | 9y ago | Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, … | |||
| CVE-2014-8362 | critical | 9.8 | 9.8 | 10y ago | Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. | |||
| CVE-2014-9912 | critical | 9.8 | 9.8 | 10y ago | The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp… | |||
| CVE-2014-9911 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a den… | |||
| CVE-2014-8241 | critical | 9.8 | 9.8 | 10y ago | XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | |||
| CVE-2014-9906 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connectio… | |||
| CVE-2014-9410 | critical | 9.8 | 9.8 | 10y ago | The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM… | |||
| CVE-2014-9902 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a c… | |||
| CVE-2014-9746 | critical | 9.8 | 9.8 | 10y ago | The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field fun… | |||
| CVE-2014-9761 | critical | 9.8 | 9.8 | 10y ago | Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbi… | |||
| CVE-2014-9766 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code… | |||
| CVE-2014-9757 | critical | 9.8 | 9.8 | 11y ago | The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an X… | |||
| CVE-2014-1532 | critical | 9.8 | 9.8 | 12y ago | Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonk… | |||
| CVE-2014-1524 | critical | 9.8 | 9.8 | 12y ago | The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether obj… | |||
| CVE-2014-1514 | critical | 9.8 | 9.8 | 12y ago | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a … | |||
| CVE-2014-1493 | critical | 9.8 | 9.8 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to c… | |||
| CVE-2014-2323 | critical | 9.8 | 9.8 | 12y ago | SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | |||
| CVE-2014-1486 | critical | 9.8 | 9.8 | 13y ago | Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers t… |