CVEs from 2014
Total
7,872
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
2.1%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2044 | high | — | 7.5 | 12y ago | Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbi… | |||
| CVE-2014-5389 | high | — | 7.5 | 12y ago | SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content typ… | |||
| CVE-2014-0074 | high | — | 7.5 | 12y ago | Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password. | |||
| CVE-2014-3396 | high | — | 7.5 | 12y ago | Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via t… | |||
| CVE-2014-6298 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then access… | |||
| CVE-2014-6295 | high | — | 7.5 | 12y ago | WEC Map (wec_map) extension for TYPO3 allows SQL Injection | |||
| CVE-2014-6293 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild i… | |||
| CVE-2014-6290 | high | — | 7.5 | 12y ago | The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | |||
| CVE-2014-6289 | high | — | 7.5 | 12y ago | yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions | |||
| CVE-2014-6288 | high | — | 7.5 | 12y ago | TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism | |||
| CVE-2014-3947 | high | — | 7.5 | 12y ago | TYPO3 powermail extension has unrestricted file upload vulnerability | |||
| CVE-2014-6051 | high | — | 7.5 | 12y ago | Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code … | |||
| CVE-2014-1568 | high | — | 7.5 | 12y ago | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x befo… | |||
| CVE-2014-4424 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2014-2376 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2014-5440 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password para… | |||
| CVE-2014-2008 | high | — | 7.5 | 12y ago | SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |||
| CVE-2014-4811 | high | — | 7.5 | 12y ago | IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a di… | |||
| CVE-2014-5460 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then a… | |||
| CVE-2014-6241 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6239 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6236 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. | |||
| CVE-2014-6235 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2014-6233 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-6231 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2014-2223 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a… | |||
| CVE-2014-3179 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-3178 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impa… | |||
| CVE-2014-0548 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on… | |||
| CVE-2014-3618 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, relate… | |||
| CVE-2014-5504 | high | — | 7.5 | 12y ago | SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, … | |||
| CVE-2014-2685 | high | — | 7.5 | 12y ago | The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only th… | |||
| CVE-2014-5285 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attacker… | |||
| CVE-2014-0485 | high | — | 7.5 | 12y ago | S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. | |||
| CVE-2014-5119 | high | — | 7.5 | 12y ago | Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code … | |||
| CVE-2014-5399 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5397 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2014-3171 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact … | |||
| CVE-2014-3169 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or po… | |||
| CVE-2014-3168 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other … | |||
| CVE-2014-5458 | high | — | 7.5 | 12y ago | SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter. | |||
| CVE-2014-2216 | high | — | 7.5 | 12y ago | The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary cod… | |||
| CVE-2014-5396 | high | — | 7.5 | 12y ago | The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access … | |||
| CVE-2014-5262 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5261 | high | — | 7.5 | 12y ago | The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool comman… | |||
| CVE-2014-5097 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to… | |||
| CVE-2014-4197 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. | |||
| CVE-2014-5383 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5159 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||
| CVE-2014-3490 | high | — | 7.5 | 12y ago | Incorrect Privilege Assignment in RESTEasy | |||
| CVE-2014-3906 | high | — | 7.5 | 12y ago | SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5203 | high | — | 7.5 | 12y ago | wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. | |||
| CVE-2014-3514 | high | — | 7.5 | 12y ago | activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection… | |||
| CVE-2014-3063 | high | — | 7.5 | 12y ago | IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before… | |||
| CVE-2014-3904 | high | — | 7.5 | 12y ago | SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-5250 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via… | |||
| CVE-2014-5249 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execu… | |||
| CVE-2014-3512 | high | — | 7.5 | 12y ago | Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have uns… | |||
| CVE-2014-3167 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2014-3165 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attack… | |||
| CVE-2014-0316 | high | — | 7.5 | 12y ago | Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 … | |||
| CVE-2014-5201 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/a… | |||
| CVE-2014-5200 | high | — | 7.5 | 12y ago | SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-3086 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveragi… | |||
| CVE-2014-5192 | high | — | 7.5 | 12y ago | SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | |||
| CVE-2014-5189 | high | — | 7.5 | 12y ago | SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-3773 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_passwor… | |||
| CVE-2014-3772 | high | — | 7.5 | 12y ago | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking th… | |||
| CVE-2014-3771 | high | — | 7.5 | 12y ago | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | |||
| CVE-2014-5089 | high | — | 7.5 | 12y ago | SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | |||
| CVE-2014-5082 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (… | |||
| CVE-2014-5175 | high | — | 7.5 | 12y ago | The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | |||
| CVE-2014-3055 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified … | |||
| CVE-2014-5114 | high | — | 7.5 | 12y ago | WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. | |||
| CVE-2014-3541 | high | — | 7.5 | 12y ago | Moodle vulnerable to PHP object injection attacks | |||
| CVE-2014-5112 | high | — | 7.5 | 12y ago | maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | |||
| CVE-2014-5109 | high | — | 7.5 | 12y ago | SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | |||
| CVE-2014-5104 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) a… | |||
| CVE-2014-4726 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. | |||
| CVE-2014-4858 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (… | |||
| CVE-2014-5102 | high | — | 7.5 | 12y ago | SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | |||
| CVE-2014-4736 | high | — | 7.5 | 12y ago | SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process. | |||
| CVE-2014-3530 | high | — | 7.5 | 12y ago | XML External Entity Reference in org.picketlink:picketlink-common | |||
| CVE-2014-5017 | high | — | 7.5 | 12y ago | SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx par… | |||
| CVE-2014-4960 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbit… | |||
| CVE-2014-3161 | high | — | 7.5 | 12y ago | The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which … | |||
| CVE-2014-1999 | high | — | 7.5 | 12y ago | The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. | |||
| CVE-2014-1996 | high | — | 7.5 | 12y ago | Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | |||
| CVE-2014-2368 | high | — | 7.5 | 12y ago | The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||
| CVE-2014-2367 | high | — | 7.5 | 12y ago | The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | |||
| CVE-2014-4977 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new … | |||
| CVE-2014-4938 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to w… | |||
| CVE-2014-4852 | high | — | 7.5 | 12y ago | SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-4850 | high | — | 7.5 | 12y ago | SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||
| CVE-2014-4741 | high | — | 7.5 | 12y ago | SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2014-4194 | high | — | 7.5 | 12y ago | SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action. | |||
| CVE-2014-3515 | high | — | 7.5 | 12y ago | The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers … | |||
| CVE-2014-0539 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob… | |||
| CVE-2014-0537 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob… | |||
| CVE-2014-2616 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. |