CVEs from 2014
Total
7,931
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.5%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-8873 | critical | — | 10.0 | 11y ago | A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary… | |
| CVE-2014-7917 | critical | — | 10.0 | 11y ago | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. | |
| CVE-2014-7916 | critical | — | 10.0 | 11y ago | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. | |
| CVE-2014-7915 | critical | — | 10.0 | 11y ago | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. | |
| CVE-2014-9208 | critical | — | 10.0 | 11y ago | Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. | |
| CVE-2014-9736 | critical | — | 10.0 | 11y ago | GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststor… | |
| CVE-2014-7233 | critical | — | 10.0 | 11y ago | GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and A… | |
| CVE-2014-7232 | critical | — | 10.0 | 11y ago | GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attac… | |
| CVE-2014-9727 | critical | — | 10.0 | 11y ago | AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | |
| CVE-2014-8383 | critical | — | 10.0 | 11y ago | The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. | |
| CVE-2014-9160 | critical | — | 10.0 | 11y ago | Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors. | |
| CVE-2014-9488 | critical | — | 10.0 | 11y ago | The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. | |
| CVE-2014-2830 | critical | — | 10.0 | 11y ago | Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. | |
| CVE-2014-7876 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, e… | |
| CVE-2014-5428 | critical | — | 10.0 | 11y ago | Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka… | |
| CVE-2014-7885 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. | |
| CVE-2014-7898 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2014-7897 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanner… | |
| CVE-2014-7895 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt… | |
| CVE-2014-7894 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt… | |
| CVE-2014-7893 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Recei… | |
| CVE-2014-7892 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe re… | |
| CVE-2014-7891 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and P… | |
| CVE-2014-7890 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and… | |
| CVE-2014-7889 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Cust… | |
| CVE-2014-7888 | critical | — | 10.0 | 11y ago | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt print… | |
| CVE-2014-8891 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 … | |
| CVE-2014-9682 | critical | — | 10.0 | 11y ago | dns-sync command injection vulnerability | |
| CVE-2014-8165 | critical | — | 10.0 | 11y ago | scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | |
| CVE-2014-8385 | critical | — | 10.0 | 11y ago | Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2014-9353 | critical | — | 10.0 | 12y ago | NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | |
| CVE-2014-0605 | critical | — | 10.0 | 12y ago | Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to t… | |
| CVE-2014-0604 | critical | — | 10.0 | 12y ago | Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to t… | |
| CVE-2014-0603 | critical | — | 10.0 | 12y ago | The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors rel… | |
| CVE-2014-8836 | critical | — | 10.0 | 12y ago | The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted… | |
| CVE-2014-8824 | critical | — | 10.0 | 12y ago | The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |
| CVE-2014-8822 | critical | — | 10.0 | 12y ago | IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecifi… | |
| CVE-2014-8817 | critical | — | 10.0 | 12y ago | coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privil… | |
| CVE-2014-4497 | critical | — | 10.0 | 12y ago | Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of servic… | |
| CVE-2014-4495 | critical | — | 10.0 | 12y ago | The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which… | |
| CVE-2014-4489 | critical | — | 10.0 | 12y ago | IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged… | |
| CVE-2014-4488 | critical | — | 10.0 | 12y ago | IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a p… | |
| CVE-2014-4487 | critical | — | 10.0 | 12y ago | Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |
| CVE-2014-4486 | critical | — | 10.0 | 12y ago | IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to e… | |
| CVE-2014-4480 | critical | — | 10.0 | 12y ago | Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | |
| CVE-2014-9198 | critical | — | 10.0 | 12y ago | The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an… | |
| CVE-2014-9197 | critical | — | 10.0 | 12y ago | The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sens… | |
| CVE-2014-6601 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |
| CVE-2014-6549 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |
| CVE-2014-9199 | critical | — | 10.0 | 12y ago | The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. | |
| CVE-2014-9195 | critical | — | 10.0 | 12y ago | Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. | |
| CVE-2014-5419 | critical | — | 10.0 | 12y ago | GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key a… | |
| CVE-2014-3692 | critical | — | 10.0 | 12y ago | The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote at… | |
| CVE-2014-9190 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not … | |
| CVE-2014-9583 | critical | — | 10.0 | 12y ago | common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a … | |
| CVE-2014-9458 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. | |
| CVE-2014-9456 | critical | — | 10.0 | 12y ago | Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped… | |
| CVE-2014-1905 | critical | — | 10.0 | 12y ago | Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code b… | |
| CVE-2014-9188 | critical | — | 10.0 | 12y ago | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability t… | |
| CVE-2014-8511 | critical | — | 10.0 | 12y ago | Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability tha… | |
| CVE-2014-9223 | critical | — | 10.0 | 12y ago | Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbi… | |
| CVE-2014-9222 | critical | — | 10.0 | 12y ago | AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory cor… | |
| CVE-2014-7249 | critical | — | 10.0 | 12y ago | Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, Ce… | |
| CVE-2014-9406 | critical | — | 10.0 | 12y ago | ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access… | |
| CVE-2014-9387 | critical | — | 10.0 | 12y ago | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | |
| CVE-2014-9373 | critical | — | 10.0 | 12y ago | Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename. | |
| CVE-2014-9371 | critical | — | 10.0 | 12y ago | The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |
| CVE-2014-9357 | critical | — | 10.0 | 12y ago | Arbitrary Code Execution in github.com/docker/docker | |
| CVE-2014-8118 | critical | — | 10.0 | 12y ago | Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflo… | |
| CVE-2014-7192 | critical | — | 10.0 | 12y ago | Potential for Script Injection in syntax-error | |
| CVE-2014-9165 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a differen… | |
| CVE-2014-9164 | critical | — | 10.0 | 12y ago | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |
| CVE-2014-9162 | critical | — | 10.0 | 12y ago | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vect… | |
| CVE-2014-9159 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different … | |
| CVE-2014-9158 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8461 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8460 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different … | |
| CVE-2014-8459 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8458 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8457 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different … | |
| CVE-2014-8456 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8455 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a differen… | |
| CVE-2014-8454 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a differen… | |
| CVE-2014-8449 | critical | — | 10.0 | 12y ago | Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2014-8447 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8446 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8445 | critical | — | 10.0 | 12y ago | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec… | |
| CVE-2014-8443 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary… | |
| CVE-2014-0587 | critical | — | 10.0 | 12y ago | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of servi… | |
| CVE-2014-0580 | critical | — | 10.0 | 12y ago | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecif… | |
| CVE-2014-8496 | critical | — | 10.0 | 12y ago | Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack. | |
| CVE-2014-8877 | critical | — | 10.0 | 12y ago | The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP … | |
| CVE-2014-9134 | critical | — | 10.0 | 12y ago | Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable exte… | |
| CVE-2014-9183 | critical | — | 10.0 | 12y ago | ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. | |
| CVE-2014-8423 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. | |
| CVE-2014-8551 | critical | — | 10.0 | 12y ago | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 all… | |
| CVE-2014-7247 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013… | |
| CVE-2014-9002 | critical | — | 10.0 | 12y ago | Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. | |
| CVE-2014-6626 | critical | — | 10.0 | 12y ago | Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and exec… | |
| CVE-2014-5342 | critical | — | 10.0 | 12y ago | Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. |