Max CVSS 10.0 Min CVSS 1.9 Total Count53
IDCVSSSummaryLast (major) updatePublished
CVE-2014-0146 1.9
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapsh
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2014-0145 4.6
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/q
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2014-0143 4.4
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bo
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2014-0142 2.1
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function
10-08-2017 - 11:29 10-08-2017 - 11:29
CVE-2010-5298 4.0
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via
26-01-2017 - 15:00 14-04-2014 - 18:38
CVE-2014-2427 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2413 4.3
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-2403 5.0
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-2397 9.3
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0474 10.0
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote att
06-01-2017 - 21:59 23-04-2014 - 11:55
CVE-2014-0473 5.0
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie
06-01-2017 - 21:59 23-04-2014 - 11:55
CVE-2014-0472 5.1
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URL
06-01-2017 - 21:59 23-04-2014 - 11:55
CVE-2014-0461 9.3
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0460 5.8
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0459 4.3
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0458 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and C
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0457 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0456 10.0
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0455 9.3
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 a
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0454 7.5
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0453 4.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0452 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and C
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0451 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0446 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0429 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0138 6.4
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connec
06-01-2017 - 21:59 15-04-2014 - 10:55
CVE-2014-0107 7.5
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or ac
06-01-2017 - 21:59 15-04-2014 - 19:13
CVE-2014-0098 5.0
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handl
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2013-6438 5.0
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) v
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2013-6369 6.8
Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.
30-12-2016 - 21:59 11-04-2014 - 10:55
CVE-2014-1514 9.3
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to ex
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1513 9.3
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to exec
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1512 9.3
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by trigge
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1511 9.3
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1510 9.3
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment t
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1508 6.8
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1505 6.8
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the S
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1497 6.8
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-1493 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and app
21-12-2016 - 21:59 19-03-2014 - 06:55
CVE-2014-2423 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and C
06-09-2016 - 09:38 15-04-2014 - 22:55
CVE-2014-2421 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2414 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2412 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-04
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2402 7.5
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 a
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-2398 3.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-1876 4.4
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot
22-08-2016 - 22:07 10-02-2014 - 18:55
CVE-2014-2525 6.8
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
05-08-2016 - 11:13 28-03-2014 - 11:55
CVE-2013-6393 6.8
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML docum
04-08-2016 - 14:25 06-02-2014 - 17:55
CVE-2014-0157 4.3
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the descri
31-03-2016 - 13:33 15-04-2014 - 10:55
CVE-2013-7345 5.0
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a cra
18-11-2014 - 21:59 24-03-2014 - 12:31
CVE-2013-5797 3.5
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect in
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2014-0150 4.9
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
10-05-2014 - 00:01 18-04-2014 - 10:55
CVE-2014-0173 5.8
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for
22-04-2014 - 12:05 22-04-2014 - 09:06
Back to Top Mark selected
Back to Top