CVEs from 2014
Total
7,915
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.6%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-8502 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspe… | |
| CVE-2014-8501 | high | — | 7.5 | 12y ago | The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified… | |
| CVE-2014-8485 | high | — | 7.5 | 12y ago | The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section g… | |
| CVE-2014-9348 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots… | |
| CVE-2014-9347 | high | — | 7.5 | 12y ago | SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |
| CVE-2014-9345 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in… | |
| CVE-2014-9280 | high | — | 7.5 | 12y ago | The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. | |
| CVE-2014-4880 | high | — | 7.5 | 12y ago | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorizat… | |
| CVE-2014-1693 | high | — | 7.5 | 12y ago | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) … | |
| CVE-2014-9304 | high | — | 7.5 | 12y ago | Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers… | |
| CVE-2014-7255 | high | 7.5 | 7.5 | 12y ago | Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause… | |
| CVE-2014-8990 | high | — | 7.5 | 12y ago | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |
| CVE-2014-9215 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email paramet… | |
| CVE-2014-9144 | high | — | 7.5 | 12y ago | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |
| CVE-2014-3997 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 an… | |
| CVE-2014-3996 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager… | |
| CVE-2014-7868 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbit… | |
| CVE-2014-7867 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow… | |
| CVE-2014-6035 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) i… | |
| CVE-2014-9242 | high | — | 7.5 | 12y ago | SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |
| CVE-2014-9240 | high | — | 7.5 | 12y ago | SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register act… | |
| CVE-2014-9239 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote … | |
| CVE-2014-9237 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | |
| CVE-2014-9157 | high | — | 7.5 | 12y ago | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not … | |
| CVE-2014-9220 | high | — | 7.5 | 12y ago | SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. | |
| CVE-2014-9178 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote a… | |
| CVE-2014-9175 | high | — | 7.5 | 12y ago | SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a ge… | |
| CVE-2014-9173 | high | — | 7.5 | 12y ago | SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter. | |
| CVE-2014-8728 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL comman… | |
| CVE-2014-9152 | high | — | 7.5 | 12y ago | The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess … | |
| CVE-2014-9151 | high | — | 7.5 | 12y ago | The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attac… | |
| CVE-2014-9087 | high | — | 7.5 | 12y ago | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or … | |
| CVE-2014-9089 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_se… | |
| CVE-2014-9097 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to … | |
| CVE-2014-9096 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. | |
| CVE-2014-9095 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records. | |
| CVE-2014-9093 | high | — | 7.5 | 12y ago | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | |
| CVE-2014-9028 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |
| CVE-2014-8962 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |
| CVE-2014-8002 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |
| CVE-2014-8001 | high | — | 7.5 | 12y ago | Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |
| CVE-2014-8367 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecifi… | |
| CVE-2014-8413 | high | — | 7.5 | 12y ago | The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to by… | |
| CVE-2014-7845 | high | — | 7.5 | 12y ago | Moodle Temporary Passwords are Brute Force-able | |
| CVE-2014-8626 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly… | |
| CVE-2014-8682 | high | — | 7.5 | 12y ago | SQL Injection in Gogs in gogs.io/gogs | |
| CVE-2014-8681 | high | — | 7.5 | 12y ago | SQL Injection in github.com/gogits/gogs | |
| CVE-2014-9024 | high | — | 7.5 | 12y ago | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | |
| CVE-2014-9005 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search ac… | |
| CVE-2014-8997 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an exe… | |
| CVE-2014-7910 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |
| CVE-2014-7908 | high | — | 7.5 | 12y ago | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecif… | |
| CVE-2014-7907 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial … | |
| CVE-2014-7906 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flas… | |
| CVE-2014-7904 | high | — | 7.5 | 12y ago | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |
| CVE-2014-7903 | high | — | 7.5 | 12y ago | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a … | |
| CVE-2014-7902 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF … | |
| CVE-2014-7901 | high | — | 7.5 | 12y ago | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to c… | |
| CVE-2014-7900 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attacke… | |
| CVE-2014-7146 | high | — | 7.5 | 12y ago | The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is… | |
| CVE-2014-4457 | high | — | 7.5 | 12y ago | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted app… | |
| CVE-2014-8596 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/s… | |
| CVE-2014-0250 | high | — | 7.5 | 12y ago | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress f… | |
| CVE-2014-3158 | high | — | 7.5 | 12y ago | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which trigge… | |
| CVE-2014-5424 | high | — | 7.5 | 12y ago | Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid prop… | |
| CVE-2014-8554 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the proje… | |
| CVE-2014-3674 | high | — | 7.5 | 12y ago | Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |
| CVE-2014-8442 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe … | |
| CVE-2014-0583 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK… | |
| CVE-2014-3687 | high | 7.5 | 7.5 | 12y ago | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplic… | |
| CVE-2014-3673 | high | 7.5 | 7.5 | 12y ago | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and ne… | |
| CVE-2014-3693 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly ex… | |
| CVE-2014-3437 | high | — | 7.5 | 12y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing … | |
| CVE-2014-8668 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-8664 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-8663 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-8351 | high | — | 7.5 | 12y ago | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the … | |
| CVE-2014-8549 | high | — | 7.5 | 12y ago | libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have u… | |
| CVE-2014-8548 | high | — | 7.5 | 12y ago | Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime… | |
| CVE-2014-8547 | high | — | 7.5 | 12y ago | libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified othe… | |
| CVE-2014-8546 | high | — | 7.5 | 12y ago | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cine… | |
| CVE-2014-8545 | high | — | 7.5 | 12y ago | libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of… | |
| CVE-2014-8544 | high | — | 7.5 | 12y ago | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecifi… | |
| CVE-2014-8543 | high | — | 7.5 | 12y ago | libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bound… | |
| CVE-2014-8542 | high | — | 7.5 | 12y ago | libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have … | |
| CVE-2014-8541 | high | — | 7.5 | 12y ago | libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attacker… | |
| CVE-2014-5417 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |
| CVE-2014-5408 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or H… | |
| CVE-2014-2374 | high | — | 7.5 | 12y ago | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | |
| CVE-2014-2373 | high | — | 7.5 | 12y ago | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | |
| CVE-2014-0222 | high | — | 7.5 | 12y ago | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | |
| CVE-2014-0182 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. | |
| CVE-2014-8474 | high | — | 7.5 | 12y ago | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption)… | |
| CVE-2014-8588 | high | — | 7.5 | 12y ago | SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-8587 | high | — | 7.5 | 12y ago | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) sign… | |
| CVE-2014-8586 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |
| CVE-2014-8339 | high | — | 7.5 | 12y ago | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. | |
| CVE-2014-7228 | high | — | 7.5 | 12y ago | Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for … | |
| CVE-2014-0490 | high | — | 7.5 | 12y ago | The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | |
| CVE-2014-0489 | high | — | 7.5 | 12y ago | APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. |