Max CVSS | 6.8 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-0160 | 5.0 | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov | 02-07-2024 - 16:52 | 07-04-2014 - 22:55 | |
CVE-2013-6414 | 5.0 | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to e | 08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
CVE-2013-4491 | 4.3 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script | 08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
CVE-2014-0082 | 5.0 | actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memor | 08-08-2019 - 15:42 | 20-02-2014 - 15:27 | |
CVE-2014-2525 | 6.8 | Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. | 30-10-2018 - 16:27 | 28-03-2014 - 15:55 | |
CVE-2014-0138 | 6.4 | The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connec | 09-10-2018 - 19:36 | 15-04-2014 - 14:55 | |
CVE-2014-0139 | 5.8 | cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to sp | 16-12-2017 - 02:29 | 15-04-2014 - 14:55 | |
CVE-2014-2522 | 4.0 | curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certifica | 29-04-2017 - 01:59 | 18-04-2014 - 22:14 | |
CVE-2014-1263 | 4.3 | curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltNam | 05-05-2014 - 05:32 | 27-02-2014 - 01:55 |