CVEs from 2014
Total
7,864
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2317 | medium | — | 7.8 | 12y ago | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained f… | |||
| CVE-2014-1911 | high | — | 7.8 | 12y ago | The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. | |||
| CVE-2014-0707 | high | — | 7.8 | 12y ago | Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSC… | |||
| CVE-2014-0706 | high | — | 7.8 | 12y ago | Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet fram… | |||
| CVE-2014-0701 | high | — | 7.8 | 12y ago | Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reb… | |||
| CVE-2014-2264 | high | — | 7.8 | 12y ago | The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. | |||
| CVE-2014-2089 | medium | — | 7.8 | 12y ago | ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | |||
| CVE-2014-1966 | high | — | 7.8 | 13y ago | The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage)… | |||
| CVE-2014-0719 | high | — | 7.8 | 13y ago | The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted … | |||
| CVE-2014-0499 | high | — | 7.8 | 13y ago | Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK befor… | |||
| CVE-2014-0254 | high | — | 7.8 | 13y ago | The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via cr… | |||
| CVE-2014-1915 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests t… | |||
| CVE-2014-0822 | high | — | 7.8 | 13y ago | The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. | |||
| CVE-2014-1683 | medium | — | 7.8 | 13y ago | The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary … | |||
| CVE-2014-0753 | high | — | 7.8 | 13y ago | Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the… | |||
| CVE-2014-0618 | high | — | 7.8 | 13y ago | Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforc… | |||
| CVE-2014-1408 | high | — | 7.8 | 13y ago | The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as … | |||
| CVE-2014-0621 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that … | |||
| CVE-2014-9284 | high | — | 7.7 | 11y ago | The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 a… | |||
| CVE-2014-7999 | high | — | 7.7 | 12y ago | Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, … | |||
| CVE-2014-0633 | high | — | 7.7 | 12y ago | The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an … | |||
| CVE-2014-9196 | high | — | 7.6 | 11y ago | Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for rem… | |||
| CVE-2014-5406 | high | — | 7.6 | 11y ago | The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote… | |||
| CVE-2014-6598 | high | — | 7.6 | 12y ago | Unspecified vulnerability in the Oracle Communications Diameter Signaling Router component in Oracle Communications Applications 3.x, 4.x, and 5.0 allows remote attackers to affect confidentiality, i… | |||
| CVE-2014-6493 | high | — | 7.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different … | |||
| CVE-2014-6492 | high | — | 7.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t… | |||
| CVE-2014-4288 | high | — | 7.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different … | |||
| CVE-2014-3632 | high | — | 7.6 | 12y ago | The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, all… | |||
| CVE-2014-4343 | high | — | 7.6 | 12y ago | Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote a… | |||
| CVE-2014-2717 | high | — | 7.6 | 12y ago | Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain adminis… | |||
| CVE-2014-2781 | high | — | 7.6 | 12y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the excha… | |||
| CVE-2014-2003 | high | — | 7.6 | 12y ago | JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execut… | |||
| CVE-2014-3261 | high | — | 7.6 | 12y ago | Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, … | |||
| CVE-2014-0643 | high | — | 7.6 | 12y ago | EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass … | |||
| CVE-2014-3121 | high | — | 7.6 | 12y ago | rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | |||
| CVE-2014-2168 | high | — | 7.6 | 12y ago | Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804. | |||
| CVE-2014-1765 | high | — | 7.6 | 12y ago | Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and An… | |||
| CVE-2014-2428 | high | — | 7.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to… | |||
| CVE-2014-0448 | high | — | 7.6 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2014-0904 | high | — | 7.6 | 12y ago | The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file. | |||
| CVE-2014-0387 | high | — | 7.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related … | |||
| CVE-2014-9706 | high | — | 7.5 | 4y ago | The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly … | |||
| CVE-2014-9462 | high | — | 7.5 | 4y ago | The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. | |||
| CVE-2014-4326 | high | — | 7.5 | 4y ago | Elasticsearch Logstash allows remote attackers to execute arbitrary commands | |||
| CVE-2014-8119 | high | 7.5 | 7.5 | 9y ago | The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | |||
| CVE-2014-3651 | high | 7.5 | 7.5 | 9y ago | Keycloak vulnerable to uncontrolled resource consumption | |||
| CVE-2014-0072 | high | 7.5 | 7.5 | 9y ago | ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9… | |||
| CVE-2014-0115 | high | 7.5 | 7.5 | 9y ago | Apache Storm log viewer path traversal vulnerability | |||
| CVE-2014-3526 | high | 7.5 | 7.5 | 9y ago | Apache Wicket Sensitive Data Exposure | |||
| CVE-2014-3744 | high | 7.5 | 7.5 | 9y ago | Directory Traversal in st | |||
| CVE-2014-3164 | high | 7.5 | 7.5 | 9y ago | cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write… | |||
| CVE-2014-9697 | high | 7.5 | 7.5 | 9y ago | Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. | |||
| CVE-2014-8324 | high | 7.5 | 7.5 | 9y ago | network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | |||
| CVE-2014-8323 | high | 7.5 | 7.5 | 9y ago | buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | |||
| CVE-2014-7851 | high | 7.5 | 7.5 | 9y ago | oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that us… | |||
| CVE-2014-9616 | high | 7.5 | 7.5 | 9y ago | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. | |||
| CVE-2014-7808 | high | 7.5 | 7.5 | 9y ago | Apache Wicket insecure defaults | |||
| CVE-2014-9624 | high | 7.5 | 7.5 | 9y ago | CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | |||
| CVE-2014-6438 | high | 7.5 | 7.5 | 9y ago | The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or applica… | |||
| CVE-2014-9497 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in mpg123 before 1.18.0. | |||
| CVE-2014-9483 | high | 7.5 | 7.5 | 9y ago | Emacs 24.4 allows remote attackers to bypass security restrictions. | |||
| CVE-2014-8871 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5… | |||
| CVE-2014-3451 | high | 7.5 | 7.5 | 9y ago | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | |||
| CVE-2014-3462 | high | 7.5 | 7.5 | 9y ago | The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". | |||
| CVE-2014-6354 | high | 7.5 | 7.5 | 9y ago | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code. | |||
| CVE-2014-7919 | high | 7.5 | 7.5 | 9y ago | b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). | |||
| CVE-2014-9970 | high | 7.5 | 7.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt | |||
| CVE-2014-2960 | high | 7.5 | 7.5 | 9y ago | Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. | |||
| CVE-2014-3930 | high | 7.5 | 7.5 | 9y ago | lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentia… | |||
| CVE-2014-3929 | high | 7.5 | 7.5 | 9y ago | The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. | |||
| CVE-2014-9692 | high | 7.5 | 7.5 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |||
| CVE-2014-9690 | high | 7.5 | 7.5 | 9y ago | Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generato… | |||
| CVE-2014-8572 | high | 7.5 | 7.5 | 9y ago | Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earli… | |||
| CVE-2014-4706 | high | 7.5 | 7.5 | 9y ago | Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 with software V200R002C00SPC100; Campus S7700 with software V200R003C00SPC300,V200R003C00SPC500; LSW S9700 with software V200R001C0… | |||
| CVE-2014-3224 | high | 7.5 | 7.5 | 9y ago | Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC500, Quidway S7700 V200R003C00SPC500, Quidway S6700 V200R003C00SPC300, Quidway S6300 V200R003C00SPC300, Quidway S5700 V200R003C00SP… | |||
| CVE-2014-3223 | high | 7.5 | 7.5 | 9y ago | Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packe… | |||
| CVE-2014-3221 | high | 7.5 | 7.5 | 9y ago | Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earlier versions allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets … | |||
| CVE-2014-9804 | high | 7.5 | 7.5 | 9y ago | vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." | |||
| CVE-2014-9839 | high | 7.5 | 7.5 | 9y ago | magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | |||
| CVE-2014-9851 | high | 7.5 | 7.5 | 9y ago | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | |||
| CVE-2014-9850 | high | 7.5 | 7.5 | 9y ago | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | |||
| CVE-2014-9849 | high | 7.5 | 7.5 | 9y ago | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | |||
| CVE-2014-9848 | high | 7.5 | 7.5 | 9y ago | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | |||
| CVE-2014-9842 | high | 7.5 | 7.5 | 9y ago | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||
| CVE-2014-9854 | high | 7.5 | 7.5 | 9y ago | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | |||
| CVE-2014-8701 | high | 7.5 | 7.5 | 9y ago | Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | |||
| CVE-2014-8688 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file. | |||
| CVE-2014-9755 | high | 7.5 | 7.5 | 10y ago | The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before… | |||
| CVE-2014-9901 | high | 7.5 | 7.5 | 10y ago | The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via… | |||
| CVE-2014-9773 | high | 7.5 | 7.5 | 10y ago | modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. | |||
| CVE-2014-9747 | high | 7.5 | 7.5 | 10y ago | The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial o… | |||
| CVE-2014-0236 | high | 7.5 | 7.5 | 10y ago | file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage … | |||
| CVE-2014-9771 | high | 7.5 | 7.5 | 10y ago | Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. | |||
| CVE-2014-9764 | high | 7.5 | 7.5 | 10y ago | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. | |||
| CVE-2014-9763 | high | 7.5 | 7.5 | 10y ago | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file. | |||
| CVE-2014-9762 | high | 7.5 | 7.5 | 10y ago | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. | |||
| CVE-2014-9742 | high | 7.5 | 7.5 | 10y ago | The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection me… | |||
| CVE-2014-3260 | high | 7.5 | 7.5 | 11y ago | Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography. | |||
| CVE-2014-9651 | high | — | 7.5 | 11y ago | Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures… | |||
| CVE-2014-6272 | high | — | 7.5 | 11y ago | Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or poss… |