CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9421 | critical | — | 9.0 | 11y ago | The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR de… | |||
| CVE-2014-5352 | critical | — | 9.0 | 11y ago | The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x bef… | |||
| CVE-2014-9375 | critical | — | 9.0 | 12y ago | Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot)… | |||
| CVE-2014-6567 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ… | |||
| CVE-2014-3440 | critical | — | 9.0 | 12y ago | The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 a… | |||
| CVE-2014-4259 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability vi… | |||
| CVE-2014-6158 | critical | — | 9.0 | 12y ago | Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.… | |||
| CVE-2014-4626 | critical | — | 9.0 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job obje… | |||
| CVE-2014-8373 | critical | — | 9.0 | 12y ago | The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Us… | |||
| CVE-2014-4629 | critical | — | 9.0 | 12y ago | EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct… | |||
| CVE-2014-8368 | critical | — | 9.0 | 12y ago | The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-8418 | critical | — | 9.0 | 12y ago | The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 1… | |||
| CVE-2014-5314 | critical | — | 9.0 | 12y ago | Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. | |||
| CVE-2014-6627 | critical | — | 9.0 | 12y ago | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | |||
| CVE-2014-6625 | critical | — | 9.0 | 12y ago | The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2014-2177 | critical | — | 9.0 | 12y ago | The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote aut… | |||
| CVE-2014-7875 | critical | — | 9.0 | 12y ago | Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or caus… | |||
| CVE-2014-6560 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6546 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ… | |||
| CVE-2014-6545 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6467 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6455 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, … | |||
| CVE-2014-6453 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-3389 | critical | — | 9.0 | 12y ago | The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), … | |||
| CVE-2014-5502 | critical | — | 9.0 | 12y ago | The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveu… | |||
| CVE-2014-4868 | critical | — | 9.0 | 12y ago | The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console comma… | |||
| CVE-2014-2593 | critical | — | 9.0 | 12y ago | The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as dem… | |||
| CVE-2014-3333 | critical | — | 9.0 | 12y ago | The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files … | |||
| CVE-2014-2366 | critical | — | 9.0 | 12y ago | upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||
| CVE-2014-2606 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-3816 | critical | — | 9.0 | 12y ago | Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 bef… | |||
| CVE-2014-2197 | critical | — | 9.0 | 12y ago | The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which all… | |||
| CVE-2014-2613 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privil… | |||
| CVE-2014-2611 | critical | — | 9.0 | 12y ago | Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or… | |||
| CVE-2014-2959 | critical | — | 9.0 | 12y ago | logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote … | |||
| CVE-2014-3790 | critical | — | 9.0 | 12y ago | Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | |||
| CVE-2014-2504 | critical | — | 9.0 | 12y ago | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… | |||
| CVE-2014-0251 | critical | — | 9.0 | 12y ago | Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 S… | |||
| CVE-2014-2170 | critical | — | 9.0 | 12y ago | Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume… | |||
| CVE-2014-2169 | critical | — | 9.0 | 12y ago | Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s… | |||
| CVE-2014-0187 | critical | — | 9.0 | 12y ago | The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a s… | |||
| CVE-2014-0359 | critical | — | 9.0 | 12y ago | Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer. | |||
| CVE-2014-0632 | critical | — | 9.0 | 12y ago | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-0679 | critical | — | 9.0 | 12y ago | Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via … | |||
| CVE-2014-0622 | critical | — | 9.0 | 13y ago | The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, w… | |||
| CVE-2014-0649 | critical | — | 9.0 | 13y ago | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access … | |||
| CVE-2014-1649 | high | — | 8.9 | 12y ago | The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |||
| CVE-2014-3498 | high | 8.8 | 8.8 | 4y ago | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | |||
| CVE-2014-0120 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf se… | |||
| CVE-2014-8358 | high | 7.8 | 8.8 | 9y ago | Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the… | |||
| CVE-2014-3150 | high | 8.8 | 8.8 | 9y ago | Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | |||
| CVE-2014-4000 | high | 8.8 | 8.8 | 9y ago | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashe… | |||
| CVE-2014-3709 | high | 8.8 | 8.8 | 9y ago | JBoss Keycloak CSRF Vulnerability | |||
| CVE-2014-2664 | high | 8.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execut… | |||
| CVE-2014-8170 | high | 8.8 | 8.8 | 9y ago | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, … | |||
| CVE-2014-6106 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site… | |||
| CVE-2014-9565 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | |||
| CVE-2014-8393 | high | 7.8 | 8.8 | 9y ago | DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | |||
| CVE-2014-8900 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | |||
| CVE-2014-5302 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to ex… | |||
| CVE-2014-9831 | high | 8.8 | 8.8 | 9y ago | coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | |||
| CVE-2014-9830 | high | 8.8 | 8.8 | 9y ago | coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | |||
| CVE-2014-9828 | high | 8.8 | 8.8 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |||
| CVE-2014-9827 | high | 8.8 | 8.8 | 9y ago | coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |||
| CVE-2014-8903 | high | 8.8 | 8.8 | 9y ago | IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | |||
| CVE-2014-8149 | high | 8.8 | 8.8 | 9y ago | OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | |||
| CVE-2014-0225 | high | 8.8 | 8.8 | 9y ago | Improper Restriction of XML External Entity Reference in Spring Framework | |||
| CVE-2014-9696 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalat… | |||
| CVE-2014-9695 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operatio… | |||
| CVE-2014-9694 | high | 8.8 | 8.8 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |||
| CVE-2014-9137 | high | 8.8 | 8.8 | 9y ago | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with s… | |||
| CVE-2014-9136 | high | 8.8 | 8.8 | 9y ago | Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | |||
| CVE-2014-4707 | high | 8.8 | 8.8 | 9y ago | Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00… | |||
| CVE-2014-9938 | high | 8.8 | 8.8 | 9y ago | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | |||
| CVE-2014-9765 | high | 8.8 | 8.8 | 10y ago | Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | |||
| CVE-2014-9768 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the v… | |||
| CVE-2014-9495 | high | 8.8 | 8.8 | 12y ago | Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrar… | |||
| CVE-2014-9322 | high | 7.8 | 8.8 | 12y ago | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by tr… | |||
| CVE-2014-9303 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or… | |||
| CVE-2014-8868 | high | — | 8.8 | 12y ago | EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive informati… | |||
| CVE-2014-9489 | high | 8.8 | 8.8 | 12y ago | gollum and gollum-lib allow remote authenticated users to execute arbitrary code | |||
| CVE-2014-8425 | high | — | 8.8 | 12y ago | The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | |||
| CVE-2014-8424 | high | — | 8.8 | 12y ago | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | |||
| CVE-2014-4627 | high | 8.8 | 8.8 | 12y ago | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-2815 | high | 8.8 | 8.8 | 12y ago | Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Exec… | |||
| CVE-2014-4927 | high | — | 8.8 | 12y ago | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long strin… | |||
| CVE-2014-4018 | high | — | 8.8 | 12y ago | The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2014-2962 | high | — | 8.8 | 12y ago | Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname i… | |||
| CVE-2014-4153 | high | — | 8.8 | 12y ago | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. | |||
| CVE-2014-1531 | high | 8.8 | 8.8 | 12y ago | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2… | |||
| CVE-2014-1529 | high | 8.8 | 8.8 | 12y ago | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component r… | |||
| CVE-2014-1518 | high | 8.8 | 8.8 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to c… | |||
| CVE-2014-0644 | high | — | 8.8 | 12y ago | EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity r… | |||
| CVE-2014-0358 | high | — | 8.8 | 12y ago | Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatu… | |||
| CVE-2014-1513 | high | 8.8 | 8.8 | 12y ago | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayB… | |||
| CVE-2014-1509 | high | 8.8 | 8.8 | 12y ago | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allow… | |||
| CVE-2014-1497 | high | 8.8 | 8.8 | 12y ago | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain se… | |||
| CVE-2014-1482 | high | 8.8 | 8.8 | 13y ago | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attacke… | |||
| CVE-2014-2579 | high | — | 8.6 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the… | |||
| CVE-2014-9147 | high | 7.5 | 8.5 | 9y ago | Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/. |