CVEs from 2014
- Total 7,882
- critical 837
- high 1,288
- medium 4,980
- low 583
- % Critical 10.6%
- % with KEV 0.4%
- % with exploit 2.1%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-1300 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competit… | |||
| CVE-2014-2523 | critical | — | 10.0 | 12y ago | net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibl… | |||
| CVE-2014-1512 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows r… | |||
| CVE-2014-1511 | critical | 9.8 | 10.0 | 12y ago | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. | |||
| CVE-2014-1510 | critical | 9.8 | 10.0 | 12y ago | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript cod… | |||
| CVE-2014-1708 | critical | — | 10.0 | 12y ago | The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-1704 | critical | — | 10.0 | 12y ago | Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unkn… | |||
| CVE-2014-0783 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. | |||
| CVE-2014-0781 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets. | |||
| CVE-2014-0505 | critical | — | 10.0 | 12y ago | Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2014-0307 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulation… | |||
| CVE-2014-2321 | critical | — | 10.0 | 12y ago | web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET … | |||
| CVE-2014-2299 | critical | — | 10.0 | 12y ago | Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a d… | |||
| CVE-2014-0703 | critical | — | 10.0 | 12y ago | Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers t… | |||
| CVE-2014-0683 | critical | — | 10.0 | 12y ago | The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier doe… | |||
| CVE-2014-2206 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long… | |||
| CVE-2014-0862 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code… | |||
| CVE-2014-2075 | critical | — | 10.0 | 12y ago | TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary comm… | |||
| CVE-2014-0721 | critical | — | 10.0 | 12y ago | The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. | |||
| CVE-2014-0498 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 … | |||
| CVE-2014-0501 | critical | — | 10.0 | 13y ago | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE… | |||
| CVE-2014-0500 | critical | — | 10.0 | 13y ago | Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE… | |||
| CVE-2014-0294 | critical | — | 10.0 | 13y ago | Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerabil… | |||
| CVE-2014-0257 | critical | — | 10.0 | 13y ago | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrar… | |||
| CVE-2014-0980 | critical | — | 10.0 | 13y ago | Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file. | |||
| CVE-2014-1488 | critical | — | 10.0 | 13y ago | The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that ha… | |||
| CVE-2014-1478 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and applicat… | |||
| CVE-2014-1681 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researc… | |||
| CVE-2014-0494 | critical | — | 10.0 | 13y ago | Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2014-0650 | critical | — | 10.0 | 13y ago | The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID… | |||
| CVE-2014-0648 | critical | — | 10.0 | 13y ago | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administr… | |||
| CVE-2014-0495 | critical | — | 10.0 | 13y ago | Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified … | |||
| CVE-2014-0493 | critical | — | 10.0 | 13y ago | Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified … | |||
| CVE-2014-0492 | critical | — | 10.0 | 13y ago | Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, a… | |||
| CVE-2014-0491 | critical | — | 10.0 | 13y ago | Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, a… | |||
| CVE-2014-1201 | critical | — | 10.0 | 13y ago | Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series… | |||
| CVE-2014-0428 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors rel… | |||
| CVE-2014-0422 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors rel… | |||
| CVE-2014-0415 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2014-0410 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2014-0659 | critical | — | 10.0 | 13y ago | The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote… | |||
| CVE-2014-1236 | critical | — | 10.0 | 13y ago | Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "lon… | |||
| CVE-2014-125112 | critical | 9.8 | 9.8 | 2mo ago | Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows … | |||
| CVE-2014-9515 | critical | 9.8 | 9.8 | 9y ago | Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. | |||
| CVE-2014-3630 | critical | 9.8 | 9.8 | 9y ago | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of se… | |||
| CVE-2014-0121 | critical | 9.8 | 9.8 | 9y ago | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | |||
| CVE-2014-4914 | critical | 9.8 | 9.8 | 9y ago | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||
| CVE-2014-8389 | critical | 9.8 | 9.8 | 9y ago | cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with… | |||
| CVE-2014-0073 | critical | 9.8 | 9.8 | 9y ago | The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 throug… | |||
| CVE-2014-3624 | critical | 9.8 | 9.8 | 9y ago | Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | |||
| CVE-2014-3600 | critical | 9.8 | 9.8 | 9y ago | Improper Restriction of XML External Entity Reference in Apache ActiveMQ | |||
| CVE-2014-3579 | critical | 9.8 | 9.8 | 9y ago | Apache ActiveMQ Apollo XXE Vulnerability | |||
| CVE-2014-2023 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API r… | |||
| CVE-2014-1203 | critical | 9.8 | 9.8 | 9y ago | The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_se… | |||
| CVE-2014-3741 | critical | 9.8 | 9.8 | 9y ago | Potential Command Injection in printer | |||
| CVE-2014-9733 | critical | 9.8 | 9.8 | 9y ago | nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2014-9487 | critical | 9.8 | 9.8 | 9y ago | The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Externa… | |||
| CVE-2014-9148 | critical | 9.8 | 9.8 | 9y ago | Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct … | |||
| CVE-2014-8621 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | |||
| CVE-2014-9474 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. | |||
| CVE-2014-0030 | critical | 9.8 | 9.8 | 9y ago | The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | |||
| CVE-2014-9618 | critical | 9.8 | 9.8 | 9y ago | The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via … | |||
| CVE-2014-9611 | critical | 9.8 | 9.8 | 9y ago | Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | |||
| CVE-2014-8174 | critical | 9.8 | 9.8 | 9y ago | eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. | |||
| CVE-2014-9558 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in SmartCMS v.2. | |||
| CVE-2014-9513 | critical | 9.8 | 9.8 | 9y ago | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | |||
| CVE-2014-8428 | critical | 9.8 | 9.8 | 9y ago | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | |||
| CVE-2014-8426 | critical | 9.8 | 9.8 | 9y ago | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | |||
| CVE-2014-7859 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows … | |||
| CVE-2014-7858 | critical | 9.8 | 9.8 | 9y ago | The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||
| CVE-2014-7857 | critical | 9.8 | 9.8 | 9y ago | D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass … | |||
| CVE-2014-9981 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. | |||
| CVE-2014-9980 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. | |||
| CVE-2014-9979 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. | |||
| CVE-2014-9978 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. | |||
| CVE-2014-9977 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. | |||
| CVE-2014-9976 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | |||
| CVE-2014-9975 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | |||
| CVE-2014-9974 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. | |||
| CVE-2014-9973 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. | |||
| CVE-2014-9972 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. | |||
| CVE-2014-9971 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. | |||
| CVE-2014-9969 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | |||
| CVE-2014-9968 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. | |||
| CVE-2014-9411 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | |||
| CVE-2014-9984 | critical | 9.8 | 9.8 | 9y ago | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon cras… | |||
| CVE-2014-3527 | critical | 9.8 | 9.8 | 9y ago | Authorization Bypass in Spring Security | |||
| CVE-2014-9654 | critical | 9.8 | 9.8 | 9y ago | The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring tha… | |||
| CVE-2014-7921 | critical | 9.8 | 9.8 | 9y ago | mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | |||
| CVE-2014-7920 | critical | 9.8 | 9.8 | 9y ago | mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. | |||
| CVE-2014-3928 | critical | 9.8 | 9.8 | 9y ago | Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. | |||
| CVE-2014-3927 | critical | 9.8 | 9.8 | 9y ago | mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||
| CVE-2014-9693 | critical | 9.8 | 9.8 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |||
| CVE-2014-5009 | critical | 9.8 | 9.8 | 9y ago | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | |||
| CVE-2014-5008 | critical | 9.8 | 9.8 | 9y ago | Snoopy allows remote attackers to execute arbitrary commands. | |||
| CVE-2014-9826 | critical | 9.8 | 9.8 | 9y ago | ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. | |||
| CVE-2014-3582 | critical | 9.8 | 9.8 | 9y ago | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||
| CVE-2014-6440 | critical | 9.8 | 9.8 | 9y ago | VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | |||
| CVE-2014-8731 | critical | 9.8 | 9.8 | 9y ago | PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in… | |||
| CVE-2014-7279 | critical | 9.8 | 9.8 | 9y ago | The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. |