Max CVSS 6.8 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-0160 5.0
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov
10-02-2023 - 16:58 07-04-2014 - 22:55
CVE-2014-2525 6.8
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
30-10-2018 - 16:27 28-03-2014 - 15:55
CVE-2014-0138 6.4
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connec
09-10-2018 - 19:36 15-04-2014 - 14:55
CVE-2014-0139 5.8
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to sp
16-12-2017 - 02:29 15-04-2014 - 14:55
CVE-2014-2522 4.0
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certifica
29-04-2017 - 01:59 18-04-2014 - 22:14
CVE-2014-1263 4.3
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltNam
05-05-2014 - 05:32 27-02-2014 - 01:55
Back to Top Mark selected
Back to Top