Max CVSS: 10.0 | Min CVSS: 1.8 | Total Count: 44
ID | CVSS | Summary | Last (major) update | Published
CVE-2014-3466 6.8
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code
06-01-2017 - 21:59 03-06-2014 - 10:55
CVE-2014-3157 7.5
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impac
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-3156 7.5
Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/r
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-3155 5.0
net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-3154 7.5
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other im
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-1545 10.0
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-0240 6.2
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of runnin
06-01-2017 - 21:59 27-05-2014 - 10:55
CVE-2013-4560 2.6
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
07-12-2016 - 22:03 20-11-2013 - 09:12
CVE-2013-4559 7.6
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple
07-12-2016 - 22:03 20-11-2013 - 09:12
CVE-2013-4508 5.8
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
07-12-2016 - 22:03 07-11-2013 - 23:47
CVE-2014-2015 7.5
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and p
28-11-2016 - 14:10 01-11-2014 - 20:55
CVE-2014-1959 5.8
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue n
28-11-2016 - 14:10 06-03-2014 - 19:10
CVE-2014-0092 5.8
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
28-11-2016 - 14:10 06-03-2014 - 19:10
CVE-2013-6200 6.2
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors.
21-09-2016 - 10:38 11-03-2014 - 09:01
CVE-2014-2323 7.5
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
22-08-2016 - 22:07 14-03-2014 - 11:55
CVE-2012-5533 5.0
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-A
22-08-2016 - 22:06 24-11-2012 - 15:55
CVE-2012-6469 5.0
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page.
08-10-2015 - 10:31 02-01-2013 - 06:46
CVE-2012-6468 9.3
Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response.
08-10-2015 - 10:30 02-01-2013 - 06:46
CVE-2012-6467 4.3
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 20
29-09-2015 - 14:46 02-01-2013 - 06:46
CVE-2014-3477 2.1
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a de
14-04-2015 - 22:00 01-07-2014 - 13:55
CVE-2014-0397 10.0
Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors."
07-10-2014 - 20:21 06-10-2014 - 19:55
CVE-2014-2527 6.8
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528
27-08-2014 - 11:17 26-08-2014 - 10:55
CVE-2014-3465 5.0
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP d
18-06-2014 - 00:32 10-06-2014 - 10:55
CVE-2014-3961 7.5
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
05-06-2014 - 10:48 04-06-2014 - 10:55
CVE-2013-7239 4.8
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
23-01-2014 - 23:37 13-01-2014 - 16:55
CVE-2013-0179 1.8
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not
23-01-2014 - 23:31 13-01-2014 - 16:55
CVE-2011-4971 5.0
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of s
23-01-2014 - 23:23 12-12-2013 - 13:55
CVE-2013-7291 1.8
memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source t
14-01-2014 - 10:28 13-01-2014 - 16:55
CVE-2013-7290 1.8
The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for
14-01-2014 - 10:16 13-01-2014 - 16:55
CVE-2013-1639 6.8
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
07-03-2013 - 23:12 08-02-2013 - 06:58
CVE-2013-1638 9.3
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
07-03-2013 - 23:12 08-02-2013 - 06:58
CVE-2013-1637 9.3
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
07-03-2013 - 23:12 08-02-2013 - 06:58
CVE-2013-1618 4.0
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext
07-03-2013 - 23:12 08-02-2013 - 14:55
CVE-2012-6470 9.3
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
02-01-2013 - 13:39 02-01-2013 - 06:46
CVE-2012-6466 5.0
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
02-01-2013 - 13:27 02-01-2013 - 06:46
CVE-2012-6465 9.3
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
02-01-2013 - 13:19 02-01-2013 - 06:46
CVE-2012-6463 4.3
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs.
02-01-2013 - 13:15 02-01-2013 - 06:46
CVE-2012-6472 4.6
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifyi
02-01-2013 - 00:00 02-01-2013 - 06:46
CVE-2012-6471 5.0
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.
02-01-2013 - 00:00 02-01-2013 - 06:46
CVE-2012-6464 4.3
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins.
02-01-2013 - 00:00 02-01-2013 - 06:46
CVE-2012-6462 5.0
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
02-01-2013 - 00:00 02-01-2013 - 06:46
CVE-2012-6461 5.0
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service.
02-01-2013 - 00:00 02-01-2013 - 06:46
CVE-2011-4362 5.0
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via
06-11-2012 - 00:03 24-12-2011 - 14:55
CVE-2009-2415 10.0
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.
19-12-2009 - 01:56 10-08-2009 - 14:30