CVEs from 2014
Total: 7,864
- critical: 837
- high: 1,288
- medium: 4,980
- low: 583
% Critical: 10.6%
% with KEV: 0.4%
% with exploit: 9.8%
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4148 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. | |||
| CVE-2014-8439 | unknown | — | 1.5 | 4y ago | Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. | |||
| CVE-2014-4123 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | |||
| CVE-2014-2817 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | |||
| CVE-2014-4077 | unknown | — | 1.5 | 4y ago | Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanes… | |||
| CVE-2014-9163 | unknown | — | 1.5 | 4y ago | Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely. | |||
| CVE-2014-0496 | unknown | — | 1.5 | 4y ago | Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution. | |||
| CVE-2014-1776 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user. | |||
| CVE-2014-5029 | low | — | 1.5 | 12y ago | The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerabilit… | |||
| CVE-2014-0130 | unknown | — | 1.5 | 12y ago | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted re… | |||
| CVE-2014-2485 | low | — | 1.4 | 12y ago | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Serv… | |||
| CVE-2014-6134 | low | — | 1.2 | 11y ago | IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation… | |||
| CVE-2014-5177 | low | — | 1.2 | 12y ago | libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declarat… | |||
| CVE-2014-3537 | low | — | 1.2 | 12y ago | The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | |||
| CVE-2014-2343 | low | — | 1.2 | 12y ago | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | |||
| CVE-2014-2030 | unknown | — | 1.0 | — | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary… | |||
| CVE-2014-1947 | unknown | — | 1.0 | — | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary … | |||
| CVE-2014-9390 | unknown | — | 1.0 | 4y ago | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; … | |||
| CVE-2014-4248 | low | — | 1.0 | 12y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via … | |||
| CVE-2014-2488 | low | — | 1.0 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via … | |||
| CVE-2014-8178 | unknown | — | — | — | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a cra… | |||
| CVE-2014-3495 | unknown | — | — | — | duplicity 0.6.24 has improper verification of SSL certificates | |||
| CVE-2014-0144 | unknown | — | — | — | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input va… | |||
| CVE-2014-0147 | unknown | — | — | — | Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while… | |||
| CVE-2014-0148 | unknown | — | — | — | Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_s… | |||
| CVE-2014-3180 | unknown | — | — | — | In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting com… | |||
| CVE-2014-3519 | unknown | — | — | — | The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH cap… | |||
| CVE-2014-8171 | unknown | — | — | — | The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | |||
| CVE-2014-8181 | unknown | — | — | — | The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leak sensitive information to userspace. | |||
| CVE-2014-8561 | unknown | — | — | — | imagemagick 6.8.9.6 has remote DOS via infinite loop | |||
| CVE-2014-7210 | unknown | — | — | — | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissi… | |||
| CVE-2014-5278 | unknown | — | — | — | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | |||
| CVE-2014-5282 | unknown | — | — | — | Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | |||
| CVE-2014-8179 | unknown | — | — | — | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to injec… | |||
| CVE-2014-0048 | unknown | — | — | — | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||
| CVE-2014-1958 | unknown | — | — | — | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld stri… | |||
| CVE-2014-8184 | unknown | — | — | — | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause appl… | |||
| CVE-2014-3471 | unknown | — | — | — | Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virti… | |||
| CVE-2014-8126 | unknown | — | — | — | The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. | |||
| CVE-2014-2079 | unknown | — | — | — | X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba a… | |||
| CVE-2014-125087 | unknown | — | — | 3y ago | java-xmlbuilder vulnerable to XML External Entity Reference | |||
| CVE-2014-3599 | unknown | — | — | 4y ago | HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2014-9720 | unknown | — | — | 4y ago | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determi… | |||
| CVE-2014-4172 | unknown | — | — | 4y ago | Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability | |||
| CVE-2014-3643 | unknown | — | — | 4y ago | jersey: XXE via parameter entities | |||
| CVE-2014-3652 | unknown | — | — | 4y ago | JBoss KeyCloak Open Redirect | |||
| CVE-2014-3656 | unknown | — | — | 4y ago | JBoss KeyCloak Cross-site Scripting Vulnerability | |||
| CVE-2014-3607 | unknown | — | — | 4y ago | Improper Certificate Validation in vt-ldap | |||
| CVE-2014-3603 | unknown | — | — | 4y ago | Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java | |||
| CVE-2014-9356 | unknown | — | — | 5y ago | Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or… |