CVEs from 2014
Total
7,864
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9520 | high | — | 7.5 | 12y ago | SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. | |||
| CVE-2014-9519 | high | — | 7.5 | 12y ago | SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. | |||
| CVE-2014-9389 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||
| CVE-2014-8084 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the aja… | |||
| CVE-2014-8083 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription… | |||
| CVE-2014-9509 | high | — | 7.5 | 12y ago | Typo3 Vulnerable to Cache Poisoning | |||
| CVE-2014-9277 | high | — | 7.5 | 12y ago | The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injecti… | |||
| CVE-2014-9427 | high | — | 7.5 | 12y ago | sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length d… | |||
| CVE-2014-9455 | high | — | 7.5 | 12y ago | SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2014-9451 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) p… | |||
| CVE-2014-9450 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands v… | |||
| CVE-2014-8145 | high | — | 7.5 | 12y ago | Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock fu… | |||
| CVE-2014-9425 | high | — | 7.5 | 12y ago | Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of… | |||
| CVE-2014-9424 | high | — | 7.5 | 12y ago | Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified ot… | |||
| CVE-2014-6228 | high | — | 7.5 | 12y ago | Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (a… | |||
| CVE-2014-2208 | high | — | 7.5 | 12y ago | CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbit… | |||
| CVE-2014-8514 | high | — | 7.5 | 12y ago | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability t… | |||
| CVE-2014-8513 | high | — | 7.5 | 12y ago | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability t… | |||
| CVE-2014-8512 | high | — | 7.5 | 12y ago | Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability tha… | |||
| CVE-2014-2217 | high | — | 7.5 | 12y ago | Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and conse… | |||
| CVE-2014-8142 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execu… | |||
| CVE-2014-9295 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authe… | |||
| CVE-2014-9294 | high | — | 7.5 | 12y ago | util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||
| CVE-2014-9293 | high | — | 7.5 | 12y ago | The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection … | |||
| CVE-2014-9379 | high | — | 7.5 | 12y ago | The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitr… | |||
| CVE-2014-9378 | high | — | 7.5 | 12y ago | Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line … | |||
| CVE-2014-9377 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via… | |||
| CVE-2014-9376 | high | — | 7.5 | 12y ago | Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector… | |||
| CVE-2014-6396 | high | — | 7.5 | 12y ago | The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted passwor… | |||
| CVE-2014-9057 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified v… | |||
| CVE-2014-8340 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. | |||
| CVE-2014-9249 | high | — | 7.5 | 12y ago | The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | |||
| CVE-2014-6256 | high | — | 7.5 | 12y ago | Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. | |||
| CVE-2014-6052 | high | — | 7.5 | 12y ago | The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of serv… | |||
| CVE-2014-1569 | high | — | 7.5 | 12y ago | The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 lengt… | |||
| CVE-2014-8269 | high | — | 7.5 | 12y ago | Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file tha… | |||
| CVE-2014-7840 | high | — | 7.5 | 12y ago | The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savev… | |||
| CVE-2014-6407 | high | — | 7.5 | 12y ago | Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||
| CVE-2014-4323 | high | — | 7.5 | 12y ago | The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and ot… | |||
| CVE-2014-7260 | high | — | 7.5 | 12y ago | The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in S… | |||
| CVE-2014-9264 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. | |||
| CVE-2014-4466 | high | — | 7.5 | 12y ago | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application… | |||
| CVE-2014-8298 | high | — | 7.5 | 12y ago | The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and … | |||
| CVE-2014-9318 | high | — | 7.5 | 12y ago | The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and… | |||
| CVE-2014-9317 | high | — | 7.5 | 12y ago | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap acce… | |||
| CVE-2014-9316 | high | — | 7.5 | 12y ago | The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap acc… | |||
| CVE-2014-9275 | high | — | 7.5 | 12y ago | UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file. | |||
| CVE-2014-9274 | high | — | 7.5 | 12y ago | UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". | |||
| CVE-2014-8504 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified i… | |||
| CVE-2014-8503 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified i… | |||
| CVE-2014-8502 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspe… | |||
| CVE-2014-8501 | high | — | 7.5 | 12y ago | The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified… | |||
| CVE-2014-8485 | high | — | 7.5 | 12y ago | The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section g… | |||
| CVE-2014-9280 | high | — | 7.5 | 12y ago | The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. | |||
| CVE-2014-1693 | high | — | 7.5 | 12y ago | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) … | |||
| CVE-2014-7255 | high | 7.5 | 7.5 | 12y ago | Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause… | |||
| CVE-2014-8990 | high | — | 7.5 | 12y ago | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||
| CVE-2014-7867 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow… | |||
| CVE-2014-9239 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote … | |||
| CVE-2014-9157 | high | — | 7.5 | 12y ago | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not … | |||
| CVE-2014-9220 | high | — | 7.5 | 12y ago | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | |||
| CVE-2014-9152 | high | — | 7.5 | 12y ago | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess … | |||
| CVE-2014-9151 | high | — | 7.5 | 12y ago | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attac… | |||
| CVE-2014-9087 | high | — | 7.5 | 12y ago | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or … | |||
| CVE-2014-9089 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_se… | |||
| CVE-2014-9093 | high | — | 7.5 | 12y ago | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | |||
| CVE-2014-9028 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||
| CVE-2014-8962 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||
| CVE-2014-8002 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||
| CVE-2014-8001 | high | — | 7.5 | 12y ago | Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||
| CVE-2014-8367 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecifi… | |||
| CVE-2014-8413 | high | — | 7.5 | 12y ago | The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to by… | |||
| CVE-2014-7845 | high | — | 7.5 | 12y ago | Moodle Temporary Passwords are Brute Force-able | |||
| CVE-2014-8626 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2014-9024 | high | — | 7.5 | 12y ago | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | |||
| CVE-2014-7908 | high | — | 7.5 | 12y ago | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecif… | |||
| CVE-2014-7907 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial … | |||
| CVE-2014-7906 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flas… | |||
| CVE-2014-7904 | high | — | 7.5 | 12y ago | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2014-7903 | high | — | 7.5 | 12y ago | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a … | |||
| CVE-2014-7902 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF … | |||
| CVE-2014-7901 | high | — | 7.5 | 12y ago | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to c… | |||
| CVE-2014-7900 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attacke… | |||
| CVE-2014-4457 | high | — | 7.5 | 12y ago | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted app… | |||
| CVE-2014-0250 | high | — | 7.5 | 12y ago | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress f… | |||
| CVE-2014-3158 | high | — | 7.5 | 12y ago | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which trigge… | |||
| CVE-2014-5424 | high | — | 7.5 | 12y ago | Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid prop… | |||
| CVE-2014-8554 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the proje… | |||
| CVE-2014-3674 | high | — | 7.5 | 12y ago | Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |||
| CVE-2014-8442 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe … | |||
| CVE-2014-0583 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK… | |||
| CVE-2014-3687 | high | 7.5 | 7.5 | 12y ago | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplic… | |||
| CVE-2014-3673 | high | 7.5 | 7.5 | 12y ago | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and ne… | |||
| CVE-2014-3693 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly ex… | |||
| CVE-2014-8668 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8664 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8663 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8351 | high | — | 7.5 | 12y ago | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the … | |||
| CVE-2014-8549 | high | — | 7.5 | 12y ago | libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have u… | |||
| CVE-2014-8548 | high | — | 7.5 | 12y ago | Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime… |