CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3881 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-3882 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-3299 | medium | — | 6.8 | 12y ago | Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. | |||
| CVE-2014-2005 | medium | 6.8 | 6.8 | 12y ago | Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically… | |||
| CVE-2014-3883 | medium | — | 6.8 | 12y ago | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |||
| CVE-2014-4333 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that co… | |||
| CVE-2014-4188 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote… | |||
| CVE-2014-3850 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plug… | |||
| CVE-2014-1542 | medium | — | 6.8 | 12y ago | Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel… | |||
| CVE-2014-3836 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site script… | |||
| CVE-2014-3466 | medium | — | 6.8 | 12y ago | Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (me… | |||
| CVE-2014-2720 | medium | — | 6.8 | 12y ago | IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote… | |||
| CVE-2014-0214 | medium | — | 6.8 | 12y ago | Moodle creates a MoodleMobile web-service token with an infinite lifetime | |||
| CVE-2014-0213 | medium | — | 6.8 | 12y ago | Moodle multiple cross-site request forgery (CSRF) vulnerabilities | |||
| CVE-2014-3015 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary use… | |||
| CVE-2014-3267 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests tha… | |||
| CVE-2014-1344 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1343 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1342 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1341 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1339 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1338 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1337 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1336 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1335 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1334 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1333 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1331 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1330 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1329 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1327 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1326 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1324 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1323 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-3845 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that… | |||
| CVE-2014-3843 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vect… | |||
| CVE-2014-0954 | medium | — | 6.8 | 12y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obt… | |||
| CVE-2014-3802 | medium | — | 6.8 | 12y ago | msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-… | |||
| CVE-2014-3460 | medium | — | 6.8 | 12y ago | Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently ex… | |||
| CVE-2014-3269 | medium | — | 6.8 | 12y ago | The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204. | |||
| CVE-2014-2194 | medium | — | 6.8 | 12y ago | system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. | |||
| CVE-2014-3760 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable o… | |||
| CVE-2014-0933 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-1809 | medium | — | 6.8 | 12y ago | The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web … | |||
| CVE-2014-3455 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWik… | |||
| CVE-2014-3454 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attac… | |||
| CVE-2014-3115 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators vi… | |||
| CVE-2014-0090 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. | |||
| CVE-2014-2190 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbit… | |||
| CVE-2014-2181 | medium | — | 6.8 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka… | |||
| CVE-2014-2916 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a reques… | |||
| CVE-2014-0469 | medium | — | 6.8 | 12y ago | Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subje… | |||
| CVE-2014-3006 | medium | — | 6.8 | 12y ago | Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account pa… | |||
| CVE-2014-2186 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. | |||
| CVE-2014-1526 | medium | — | 6.8 | 12y ago | The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is vis… | |||
| CVE-2014-2327 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by request… | |||
| CVE-2014-1319 | medium | — | 6.8 | 12y ago | Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | |||
| CVE-2014-1315 | medium | — | 6.8 | 12y ago | Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format st… | |||
| CVE-2014-1295 | medium | — | 6.8 | 12y ago | Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation a… | |||
| CVE-2014-2659 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified … | |||
| CVE-2014-1615 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative … | |||
| CVE-2014-1984 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-2880 | medium | — | 6.8 | 12y ago | Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web … | |||
| CVE-2014-0054 | medium | — | 6.8 | 12y ago | Cross-Site Request Forgery in Spring Framework | |||
| CVE-2014-2422 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2014-0172 | medium | — | 6.8 | 12y ago | Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (ap… | |||
| CVE-2014-2115 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary u… | |||
| CVE-2014-1313 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1312 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1311 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1310 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1309 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1308 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1307 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1305 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1304 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1302 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1301 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1299 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-1298 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2014-2525 | medium | — | 6.8 | 12y ago | Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded cha… | |||
| CVE-2014-0885 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of… | |||
| CVE-2014-0126 | medium | — | 6.8 | 12y ago | Moodle cross-site request forgery (CSRF) vulnerability | |||
| CVE-2014-1979 | medium | — | 6.8 | 12y ago | The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail e… | |||
| CVE-2014-1502 | medium | — | 6.8 | 12y ago | The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and… | |||
| CVE-2014-2241 | medium | — | 6.8 | 12y ago | The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to c… | |||
| CVE-2014-0873 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before… | |||
| CVE-2014-2047 | medium | — | 6.8 | 12y ago | Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vect… | |||
| CVE-2014-1294 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |||
| CVE-2014-1293 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |||
| CVE-2014-1292 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |||
| CVE-2014-1291 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |||
| CVE-2014-1290 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |||
| CVE-2014-1289 | medium | — | 6.8 | 12y ago | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted… | |||
| CVE-2014-1275 | medium | — | 6.8 | 12y ago | Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data… | |||
| CVE-2014-0779 | medium | — | 6.8 | 12y ago | The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.456… | |||
| CVE-2014-0336 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that u… | |||
| CVE-2014-0036 | medium | — | 6.8 | 12y ago | rbovirt uses the rest-client gem with SSL verification disabled | |||
| CVE-2014-1886 | medium | — | 6.8 | 12y ago | The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage reso… | |||
| CVE-2014-2099 | medium | — | 6.8 | 12y ago | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array ac… |