CVEs from 2014
Total
7,915
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.6%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-6560 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |
| CVE-2014-6546 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ… | |
| CVE-2014-6545 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |
| CVE-2014-6467 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |
| CVE-2014-6455 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, … | |
| CVE-2014-6453 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |
| CVE-2014-3389 | critical | — | 9.0 | 12y ago | The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), … | |
| CVE-2014-5308 | critical | — | 9.0 | 12y ago | Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.p… | |
| CVE-2014-5502 | critical | — | 9.0 | 12y ago | The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveu… | |
| CVE-2014-4868 | critical | — | 9.0 | 12y ago | The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console comma… | |
| CVE-2014-2593 | critical | — | 9.0 | 12y ago | The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as dem… | |
| CVE-2014-3333 | critical | — | 9.0 | 12y ago | The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files … | |
| CVE-2014-2366 | critical | — | 9.0 | 12y ago | upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |
| CVE-2014-2606 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. | |
| CVE-2014-3816 | critical | — | 9.0 | 12y ago | Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 bef… | |
| CVE-2014-2197 | critical | — | 9.0 | 12y ago | The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which all… | |
| CVE-2014-2613 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privil… | |
| CVE-2014-2611 | critical | — | 9.0 | 12y ago | Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or… | |
| CVE-2014-2959 | critical | — | 9.0 | 12y ago | logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote … | |
| CVE-2014-3790 | critical | — | 9.0 | 12y ago | Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | |
| CVE-2014-2504 | critical | — | 9.0 | 12y ago | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… | |
| CVE-2014-0251 | critical | — | 9.0 | 12y ago | Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 S… | |
| CVE-2014-3220 | critical | — | 9.0 | 12y ago | F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/auth… | |
| CVE-2014-2170 | critical | — | 9.0 | 12y ago | Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume… | |
| CVE-2014-2169 | critical | — | 9.0 | 12y ago | Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s… | |
| CVE-2014-0187 | critical | — | 9.0 | 12y ago | The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a s… | |
| CVE-2014-0359 | critical | — | 9.0 | 12y ago | Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer. | |
| CVE-2014-0632 | critical | — | 9.0 | 12y ago | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |
| CVE-2014-0783 | critical | — | 9.0 | 12y ago | Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. | |
| CVE-2014-0679 | critical | — | 9.0 | 12y ago | Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via … | |
| CVE-2014-0622 | critical | — | 9.0 | 13y ago | The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, w… | |
| CVE-2014-0649 | critical | — | 9.0 | 13y ago | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access … | |
| CVE-2014-3498 | high | 8.8 | 8.8 | 4y ago | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | |
| CVE-2014-0120 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf se… | |
| CVE-2014-3150 | high | 8.8 | 8.8 | 9y ago | Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | |
| CVE-2014-4000 | high | 8.8 | 8.8 | 9y ago | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashe… | |
| CVE-2014-3709 | high | 8.8 | 8.8 | 9y ago | JBoss Keycloak CSRF Vulnerability | |
| CVE-2014-9118 | high | 8.8 | 8.8 | 9y ago | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |
| CVE-2014-8357 | high | 8.8 | 8.8 | 9y ago | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s… | |
| CVE-2014-2664 | high | 8.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execut… | |
| CVE-2014-8170 | high | 8.8 | 8.8 | 9y ago | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, … | |
| CVE-2014-6106 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site… | |
| CVE-2014-9463 | high | 8.8 | 8.8 | 9y ago | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |
| CVE-2014-9565 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | |
| CVE-2014-9312 | high | 8.8 | 8.8 | 9y ago | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |
| CVE-2014-8900 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | |
| CVE-2014-5302 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to ex… | |
| CVE-2014-5301 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |
| CVE-2014-9831 | high | 8.8 | 8.8 | 9y ago | coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | |
| CVE-2014-9830 | high | 8.8 | 8.8 | 9y ago | coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | |
| CVE-2014-9828 | high | 8.8 | 8.8 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |
| CVE-2014-9827 | high | 8.8 | 8.8 | 9y ago | coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |
| CVE-2014-9260 | high | 8.8 | 8.8 | 9y ago | The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |
| CVE-2014-8903 | high | 8.8 | 8.8 | 9y ago | IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | |
| CVE-2014-8149 | high | 8.8 | 8.8 | 9y ago | OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | |
| CVE-2014-0225 | high | 8.8 | 8.8 | 9y ago | Improper Restriction of XML External Entity Reference in Spring Framework | |
| CVE-2014-9696 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalat… | |
| CVE-2014-9695 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operatio… | |
| CVE-2014-9694 | high | 8.8 | 8.8 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |
| CVE-2014-9137 | high | 8.8 | 8.8 | 9y ago | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with s… | |
| CVE-2014-9136 | high | 8.8 | 8.8 | 9y ago | Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | |
| CVE-2014-4707 | high | 8.8 | 8.8 | 9y ago | Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00… | |
| CVE-2014-9938 | high | 8.8 | 8.8 | 9y ago | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | |
| CVE-2014-9765 | high | 8.8 | 8.8 | 10y ago | Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | |
| CVE-2014-9768 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the v… | |
| CVE-2014-9495 | high | 8.8 | 8.8 | 12y ago | Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrar… | |
| CVE-2014-9489 | high | 8.8 | 8.8 | 12y ago | gollum and gollum-lib allow remote authenticated users to execute arbitrary code | |
| CVE-2014-4627 | high | 8.8 | 8.8 | 12y ago | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-2815 | high | 8.8 | 8.8 | 12y ago | Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Exec… | |
| CVE-2014-1531 | high | 8.8 | 8.8 | 12y ago | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2… | |
| CVE-2014-1529 | high | 8.8 | 8.8 | 12y ago | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component r… | |
| CVE-2014-1518 | high | 8.8 | 8.8 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to c… | |
| CVE-2014-1513 | high | 8.8 | 8.8 | 12y ago | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayB… | |
| CVE-2014-1509 | high | 8.8 | 8.8 | 12y ago | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allow… | |
| CVE-2014-1497 | high | 8.8 | 8.8 | 12y ago | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain se… | |
| CVE-2014-1482 | high | 8.8 | 8.8 | 13y ago | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attacke… | |
| CVE-2014-2331 | high | — | 8.5 | 11y ago | Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers b… | |
| CVE-2014-6141 | high | — | 8.5 | 12y ago | IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restricti… | |
| CVE-2014-8143 | high | — | 8.5 | 12y ago | Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccount… | |
| CVE-2014-9193 | high | — | 8.5 | 12y ago | Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | |
| CVE-2014-7879 | high | — | 8.5 | 12y ago | HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unsp… | |
| CVE-2014-8517 | high | — | 8.5 | 12y ago | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary c… | |
| CVE-2014-2988 | high | — | 8.5 | 12y ago | EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbit… | |
| CVE-2014-4621 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated u… | |
| CVE-2014-3094 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code… | |
| CVE-2014-4618 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. | |
| CVE-2014-2515 | high | — | 8.5 | 12y ago | EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,… | |
| CVE-2014-4345 | high | — | 8.5 | 12y ago | Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before … | |
| CVE-2014-3338 | high | — | 8.5 | 12y ago | The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to … | |
| CVE-2014-2625 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input,… | |
| CVE-2014-2622 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtai… | |
| CVE-2014-2507 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in ar… | |
| CVE-2014-2506 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, … | |
| CVE-2014-2607 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role. | |
| CVE-2014-2084 | high | — | 8.5 | 12y ago | Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain s… | |
| CVE-2014-1813 | high | — | 8.5 | 12y ago | Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability." | |
| CVE-2014-2406 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and … | |
| CVE-2014-2850 | high | — | 8.5 | 12y ago | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address paramet… | |
| CVE-2014-2849 | high | — | 8.5 | 12y ago | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |
| CVE-2014-2127 | high | — | 8.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly … |