Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-8639 | 6.8 |
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows
|
21-10-2024 - 13:55 | 14-01-2015 - 11:59 | |
CVE-2014-8634 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and app
|
21-10-2024 - 13:55 | 14-01-2015 - 11:59 | |
CVE-2014-8638 | 6.8 |
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-contro
|
21-10-2024 - 13:55 | 14-01-2015 - 11:59 | |
CVE-2014-8641 | 7.5 |
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.
|
21-10-2024 - 13:55 | 14-01-2015 - 11:59 | |
CVE-2014-9529 | 6.9 |
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that
|
14-03-2024 - 19:58 | 09-01-2015 - 21:59 | |
CVE-2014-9584 | 2.1 |
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel
|
13-02-2023 - 00:45 | 09-01-2015 - 21:59 | |
CVE-2014-8133 | 2.1 |
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mec
|
13-02-2023 - 00:43 | 17-12-2014 - 11:59 | |
CVE-2014-8118 | 10.0 |
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
|
13-02-2023 - 00:42 | 16-12-2014 - 18:59 | |
CVE-2013-6435 | 7.6 |
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the
|
13-02-2023 - 00:29 | 16-12-2014 - 18:59 | |
CVE-2013-6885 | 4.7 |
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, a
|
13-02-2023 - 00:29 | 29-11-2013 - 04:33 | |
CVE-2014-9271 | 4.3 |
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated
|
04-03-2021 - 20:30 | 09-01-2015 - 18:59 | |
CVE-2014-9269 | 2.6 |
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.
|
12-01-2021 - 18:05 | 09-01-2015 - 18:59 | |
CVE-2014-9272 | 4.3 |
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
|
12-01-2021 - 18:05 | 09-01-2015 - 18:59 | |
CVE-2014-8554 | 7.5 |
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists b
|
12-01-2021 - 18:05 | 13-11-2014 - 21:32 | |
CVE-2014-9270 | 4.3 |
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field
|
12-01-2021 - 18:05 | 08-12-2014 - 16:59 | |
CVE-2015-0204 | 4.3 |
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak
|
19-07-2018 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2014-9620 | 5.0 |
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.
|
16-06-2018 - 01:29 | 21-01-2015 - 18:59 | |
CVE-2003-0127 | 7.2 |
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
|
03-05-2018 - 01:29 | 31-03-2003 - 05:00 | |
CVE-2014-9419 | 2.1 |
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the
|
05-01-2018 - 02:29 | 26-12-2014 - 00:59 | |
CVE-2014-8150 | 4.3 |
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. <a href="http://cwe.mit
|
05-01-2018 - 02:29 | 15-01-2015 - 15:59 | |
CVE-2014-8275 | 5.0 |
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2014-3569 | 5.0 |
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon c
|
15-11-2017 - 02:29 | 24-12-2014 - 11:59 | |
CVE-2014-3572 | 5.0 |
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerK
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2014-3570 | 5.0 |
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2015-0205 | 5.0 |
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2014-3571 | 5.0 |
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation fo
|
20-10-2017 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2015-0206 | 5.0 |
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading
|
20-10-2017 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2003-0244 | 5.0 |
The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.
|
11-10-2017 - 01:29 | 27-05-2003 - 04:00 | |
CVE-2003-0364 | 5.0 |
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2003-0248 | 10.0 |
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2003-0246 | 3.6 |
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2003-0247 | 5.0 |
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").
|
11-10-2017 - 01:29 | 16-06-2003 - 04:00 | |
CVE-2014-9117 | 5.0 |
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as dem
|
08-09-2017 - 01:29 | 06-12-2014 - 21:59 | |
CVE-2014-8553 | 5.0 |
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_ge
|
08-09-2017 - 01:29 | 17-12-2014 - 19:59 | |
CVE-2014-9281 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field.
|
08-09-2017 - 01:29 | 09-12-2014 - 23:59 | |
CVE-2014-8598 | 6.4 |
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined wi
|
08-09-2017 - 01:29 | 18-11-2014 - 15:59 | |
CVE-2014-8988 | 4.0 |
MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict
|
08-09-2017 - 01:29 | 24-11-2014 - 15:59 | |
CVE-2014-9280 | 7.5 |
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.
|
08-09-2017 - 01:29 | 08-12-2014 - 16:59 | |
CVE-2014-7146 | 7.5 |
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_repla
|
08-09-2017 - 01:29 | 18-11-2014 - 15:59 | |
CVE-2014-6316 | 5.8 |
core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
|
08-09-2017 - 01:29 | 12-12-2014 - 11:59 | |
CVE-2014-8738 | 5.0 |
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
|
01-07-2017 - 01:29 | 15-01-2015 - 15:59 | |
CVE-2014-8986 | 3.5 |
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted
|
03-01-2017 - 02:59 | 24-11-2014 - 15:59 | |
CVE-2014-9506 | 3.5 |
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
|
03-01-2017 - 02:59 | 04-01-2015 - 21:59 | |
CVE-2014-9089 | 7.5 |
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
|
03-01-2017 - 02:59 | 28-11-2014 - 15:59 | |
CVE-2014-9388 | 5.0 |
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
|
03-01-2017 - 02:59 | 17-12-2014 - 19:59 | |
CVE-2002-0429 | 3.6 |
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
|
18-10-2016 - 02:20 | 12-08-2002 - 04:00 |