Max CVSS 10.0 Min CVSS 2.1 Total Count36
IDCVSSSummaryLast (major) updatePublished
CVE-2014-4756 3.5
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.
06-01-2017 - 22:00 10-09-2014 - 06:55
CVE-2014-4344 7.8
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)
06-01-2017 - 22:00 14-08-2014 - 01:01
CVE-2014-4341 5.0
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
06-01-2017 - 22:00 20-07-2014 - 07:12
CVE-2014-3596 5.8
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to
06-01-2017 - 22:00 26-08-2014 - 20:55
CVE-2014-3575 4.3
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
06-01-2017 - 22:00 26-08-2014 - 20:55
CVE-2014-3079 2.1
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPAR
06-01-2017 - 21:59 10-09-2014 - 06:55
CVE-2014-1545 10.0
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
06-01-2017 - 21:59 11-06-2014 - 06:57
CVE-2014-1492 4.3
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which
06-01-2017 - 21:59 25-03-2014 - 09:25
CVE-2014-0909 5.0
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by inter
06-01-2017 - 21:59 10-09-2014 - 06:55
CVE-2014-0591 2.6
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemo
06-01-2017 - 21:59 13-01-2014 - 23:29
CVE-2014-0568 10.0
The NtSetInformationFile system call hook feature in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged conte
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2014-0567 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561.
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2014-0566 10.0
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565.
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2014-0565 10.0
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566.
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2014-0563 7.8
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2014-0562 4.3
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2014-0561 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567.
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2014-0560 10.0
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
06-01-2017 - 21:59 17-09-2014 - 06:55
CVE-2013-6800 4.0
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a d
06-01-2017 - 21:59 17-11-2013 - 21:55
CVE-2013-1418 4.3
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon
06-01-2017 - 21:59 17-11-2013 - 22:55
CVE-2014-1491 5.0
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellma
30-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-1490 5.0
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to ca
30-12-2016 - 21:59 06-02-2014 - 00:44
CVE-2014-6300 4.3
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct
21-12-2016 - 21:59 08-11-2014 - 06:55
CVE-2014-3620 5.0
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
02-12-2016 - 22:01 18-11-2014 - 10:59
CVE-2014-3613 5.0
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a s
02-12-2016 - 22:01 18-11-2014 - 10:59
CVE-2013-1740 5.8
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certifi
28-11-2016 - 14:08 18-01-2014 - 17:55
CVE-2014-9150 6.4
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction atta
17-12-2014 - 11:35 29-11-2014 - 21:59
CVE-2014-3884 4.3
Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
22-07-2014 - 18:55 20-07-2014 - 07:12
CVE-2014-3885 4.3
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
22-07-2014 - 18:54 20-07-2014 - 07:12
CVE-2014-3886 2.6
Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
22-07-2014 - 18:54 20-07-2014 - 07:12
CVE-2014-3924 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
17-07-2014 - 01:07 30-05-2014 - 10:55
CVE-2014-3883 6.8
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.
23-06-2014 - 13:19 21-06-2014 - 11:55
CVE-2013-4156 6.8
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
31-07-2013 - 00:00 31-07-2013 - 09:20
CVE-2012-3386 4.4
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vector
04-04-2013 - 23:11 07-08-2012 - 17:55
CVE-2006-4542 6.8
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute program
09-03-2011 - 00:00 05-09-2006 - 19:04
CVE-2006-3392 5.0
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before byt
07-03-2011 - 00:00 06-07-2006 - 16:05
Back to Top Mark selected
Back to Top