| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-1505 | 5.0 |
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the S
|
12-09-2023 - 14:45 | 19-03-2014 - 10:55 | |
| CVE-2013-4389 | 4.3 |
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly
|
19-05-2023 - 16:52 | 17-10-2013 - 00:55 | |
| CVE-2014-1715 | 7.5 |
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
|
10-11-2022 - 17:33 | 16-03-2014 - 14:06 | |
| CVE-2014-1713 | 7.5 |
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers t
|
10-11-2022 - 16:50 | 16-03-2014 - 14:06 | |
| CVE-2014-1705 | 7.5 |
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
10-11-2022 - 16:47 | 16-03-2014 - 14:06 | |
| CVE-2013-6668 | 7.5 |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
16-08-2022 - 13:30 | 05-03-2014 - 05:11 | |
| CVE-2014-0107 | 7.5 |
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or ac
|
20-10-2021 - 11:15 | 15-04-2014 - 23:13 | |
| CVE-2014-1513 | 9.3 |
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to exec
|
11-08-2020 - 13:54 | 19-03-2014 - 10:55 | |
| CVE-2014-1493 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and app
|
11-08-2020 - 13:48 | 19-03-2014 - 10:55 | |
| CVE-2014-1512 | 10.0 |
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by trigge
|
10-08-2020 - 18:42 | 19-03-2014 - 10:55 | |
| CVE-2014-1497 | 6.8 |
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause
|
06-08-2020 - 20:45 | 19-03-2014 - 10:55 | |
| CVE-2014-1511 | 7.5 |
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
|
05-08-2020 - 14:07 | 19-03-2014 - 10:55 | |
| CVE-2014-1514 | 7.5 |
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to ex
|
05-08-2020 - 14:00 | 19-03-2014 - 10:55 | |
| CVE-2014-1510 | 7.5 |
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment t
|
03-08-2020 - 16:04 | 19-03-2014 - 10:55 | |
| CVE-2014-1508 | 6.4 |
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of
|
03-08-2020 - 16:04 | 19-03-2014 - 10:55 | |
| CVE-2013-4238 | 4.3 |
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof ar
|
25-10-2019 - 11:53 | 18-08-2013 - 02:52 | |
| CVE-2014-1912 | 7.5 |
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
|
25-10-2019 - 11:53 | 01-03-2014 - 00:55 | |
| CVE-2013-6414 | 5.0 |
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to e
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
| CVE-2013-6417 | 6.4 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attac
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
| CVE-2013-6415 | 4.3 |
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via th
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
| CVE-2013-4491 | 4.3 |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
| CVE-2014-2525 | 6.8 |
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
|
30-10-2018 - 16:27 | 28-03-2014 - 15:55 | |
| CVE-2003-0131 | 7.5 |
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKC
|
19-10-2018 - 15:29 | 24-03-2003 - 05:00 | |
| CVE-2003-0147 | 5.0 |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the us
|
19-10-2018 - 15:29 | 31-03-2003 - 05:00 | |
| CVE-2013-6666 | 5.8 |
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a
|
07-01-2017 - 02:59 | 05-03-2014 - 05:11 | |
| CVE-2013-6664 | 7.5 |
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly h
|
07-01-2017 - 02:59 | 05-03-2014 - 05:11 | |
| CVE-2013-6665 | 7.5 |
Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact
|
07-01-2017 - 02:59 | 05-03-2014 - 05:11 | |
| CVE-2013-6663 | 7.5 |
Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possi
|
07-01-2017 - 02:59 | 05-03-2014 - 05:11 | |
| CVE-2013-6667 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
07-01-2017 - 02:59 | 05-03-2014 - 05:11 | |
| CVE-2014-1702 | 7.5 |
Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause
|
07-01-2017 - 02:59 | 16-03-2014 - 14:06 | |
| CVE-2014-1701 | 4.3 |
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote att
|
07-01-2017 - 02:59 | 16-03-2014 - 14:06 | |
| CVE-2014-1704 | 10.0 |
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
07-01-2017 - 02:59 | 16-03-2014 - 14:06 | |
| CVE-2014-1700 | 7.5 |
Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling
|
07-01-2017 - 02:59 | 16-03-2014 - 14:06 | |
| CVE-2014-1703 | 7.5 |
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to byp
|
07-01-2017 - 02:59 | 16-03-2014 - 14:06 | |
| CVE-2013-5951 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3)
|
31-12-2016 - 02:59 | 25-03-2014 - 16:55 | |
| CVE-2014-2655 | 6.5 |
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
|
05-06-2014 - 04:31 | 02-04-2014 - 16:06 | |
| CVE-2013-6656 | 5.0 |
The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, whi
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6653 | 7.5 |
Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attempted conflicting access to
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6660 | 5.0 |
The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site.
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6654 | 7.5 |
The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of servi
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6661 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknown vectors.
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6659 | 6.4 |
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to tri
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6655 | 7.5 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM event
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6657 | 6.4 |
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Or
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 | |
| CVE-2013-6658 | 7.5 |
Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving (1) runn
|
01-04-2014 - 06:26 | 24-02-2014 - 04:48 |