| Max CVSS | 7.5 | Min CVSS | 3.3 | Total Count | 10 |
| ID | CVSS | CVSS3 | Summary | Last (major) update | Published | |
|---|---|---|---|---|---|---|
| CVE-2014-3566 | 4.3 | 3.4 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
|
2021-08-31 - 15:44 | 2014-10-15 - 00:55 | |
| CVE-2015-3185 | 4.3 | None |
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote
|
2021-06-06 - 11:15 | 2015-07-20 - 23:59 | |
| CVE-2015-0248 | 5.0 | None |
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evalu
|
2018-10-30 - 16:27 | 2015-04-08 - 18:59 | |
| CVE-2015-0251 | 4.0 | None |
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
|
2018-10-30 - 16:27 | 2015-04-08 - 18:59 | |
| CVE-2014-3567 | 7.1 | None |
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an
|
2017-11-15 - 02:29 | 2014-10-19 - 01:55 | |
| CVE-2014-3568 | 4.3 | None |
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr
|
2017-11-15 - 02:29 | 2014-10-19 - 01:55 | |
| CVE-2014-6394 | 7.5 | None |
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "publ
|
2017-09-08 - 01:29 | 2014-10-08 - 17:55 | |
| CVE-2014-3513 | 7.1 | None |
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
|
2017-01-03 - 02:59 | 2014-10-19 - 01:55 | |
| CVE-2015-5909 | 5.0 | None |
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notificati
|
2016-12-22 - 03:00 | 2015-09-18 - 12:00 | |
| CVE-2015-5910 | 3.3 | None |
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
|
2016-12-22 - 03:00 | 2015-09-18 - 12:00 |