CVEs from 2014
Total
7,931
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.5%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-3498 | high | 8.8 | 8.8 | 4y ago | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | |
| CVE-2014-0120 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf se… | |
| CVE-2014-3150 | high | 8.8 | 8.8 | 9y ago | Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | |
| CVE-2014-4000 | high | 8.8 | 8.8 | 9y ago | Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashe… | |
| CVE-2014-3709 | high | 8.8 | 8.8 | 9y ago | JBoss Keycloak CSRF Vulnerability | |
| CVE-2014-9118 | high | 8.8 | 8.8 | 9y ago | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |
| CVE-2014-8357 | high | 8.8 | 8.8 | 9y ago | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s… | |
| CVE-2014-2664 | high | 8.8 | 8.8 | 9y ago | Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execut… | |
| CVE-2014-8170 | high | 8.8 | 8.8 | 9y ago | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, … | |
| CVE-2014-6106 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site… | |
| CVE-2014-9463 | high | 8.8 | 8.8 | 9y ago | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |
| CVE-2014-9565 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | |
| CVE-2014-9312 | high | 8.8 | 8.8 | 9y ago | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | |
| CVE-2014-8900 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | |
| CVE-2014-5302 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to ex… | |
| CVE-2014-5301 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |
| CVE-2014-9831 | high | 8.8 | 8.8 | 9y ago | coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | |
| CVE-2014-9830 | high | 8.8 | 8.8 | 9y ago | coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | |
| CVE-2014-9828 | high | 8.8 | 8.8 | 9y ago | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |
| CVE-2014-9827 | high | 8.8 | 8.8 | 9y ago | coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |
| CVE-2014-9260 | high | 8.8 | 8.8 | 9y ago | The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |
| CVE-2014-8903 | high | 8.8 | 8.8 | 9y ago | IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | |
| CVE-2014-8149 | high | 8.8 | 8.8 | 9y ago | OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | |
| CVE-2014-0225 | high | 8.8 | 8.8 | 9y ago | When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references… | |
| CVE-2014-9696 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalat… | |
| CVE-2014-9695 | high | 8.8 | 8.8 | 9y ago | The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operatio… | |
| CVE-2014-9694 | high | 8.8 | 8.8 | 9y ago | Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R… | |
| CVE-2014-9137 | high | 8.8 | 8.8 | 9y ago | Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with s… | |
| CVE-2014-9136 | high | 8.8 | 8.8 | 9y ago | Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. | |
| CVE-2014-4707 | high | 8.8 | 8.8 | 9y ago | Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00… | |
| CVE-2014-9938 | high | 8.8 | 8.8 | 9y ago | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | |
| CVE-2014-9765 | high | 8.8 | 8.8 | 10y ago | Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. | |
| CVE-2014-9768 | high | 8.8 | 8.8 | 10y ago | IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the v… | |
| CVE-2014-9495 | high | 8.8 | 8.8 | 12y ago | Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrar… | |
| CVE-2014-9489 | high | 8.8 | 8.8 | 12y ago | gollum and gollum-lib allow remote authenticated users to execute arbitrary code | |
| CVE-2014-4627 | high | 8.8 | 8.8 | 12y ago | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2014-2815 | high | 8.8 | 8.8 | 12y ago | Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Exec… | |
| CVE-2014-1531 | high | 8.8 | 8.8 | 12y ago | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2… | |
| CVE-2014-1529 | high | 8.8 | 8.8 | 12y ago | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component r… | |
| CVE-2014-1518 | high | 8.8 | 8.8 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to c… | |
| CVE-2014-1513 | high | 8.8 | 8.8 | 12y ago | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayB… | |
| CVE-2014-1509 | high | 8.8 | 8.8 | 12y ago | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allow… | |
| CVE-2014-1497 | high | 8.8 | 8.8 | 12y ago | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain se… | |
| CVE-2014-1482 | high | 8.8 | 8.8 | 13y ago | RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attacke… | |
| CVE-2014-2331 | high | — | 8.5 | 11y ago | Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers b… | |
| CVE-2014-6141 | high | — | 8.5 | 12y ago | IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restricti… | |
| CVE-2014-8143 | high | — | 8.5 | 12y ago | Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccount… | |
| CVE-2014-9193 | high | — | 8.5 | 12y ago | Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | |
| CVE-2014-7879 | high | — | 8.5 | 12y ago | HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unsp… | |
| CVE-2014-8517 | high | — | 8.5 | 12y ago | The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary c… | |
| CVE-2014-2988 | high | — | 8.5 | 12y ago | EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbit… | |
| CVE-2014-4621 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated u… | |
| CVE-2014-3094 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code… | |
| CVE-2014-4618 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. | |
| CVE-2014-2515 | high | — | 8.5 | 12y ago | EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,… | |
| CVE-2014-4345 | high | — | 8.5 | 12y ago | Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before … | |
| CVE-2014-3338 | high | — | 8.5 | 12y ago | The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to … | |
| CVE-2014-2625 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input,… | |
| CVE-2014-2622 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtai… | |
| CVE-2014-2507 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in ar… | |
| CVE-2014-2506 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, … | |
| CVE-2014-2607 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role. | |
| CVE-2014-2084 | high | — | 8.5 | 12y ago | Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain s… | |
| CVE-2014-1813 | high | — | 8.5 | 12y ago | Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability." | |
| CVE-2014-2406 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and … | |
| CVE-2014-2850 | high | — | 8.5 | 12y ago | The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address paramet… | |
| CVE-2014-2849 | high | — | 8.5 | 12y ago | The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request. | |
| CVE-2014-2127 | high | — | 8.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly … | |
| CVE-2014-2126 | high | — | 8.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to ga… | |
| CVE-2014-2119 | high | — | 8.5 | 12y ago | The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Applian… | |
| CVE-2014-0629 | high | — | 8.5 | 12y ago | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote aut… | |
| CVE-2014-2174 | high | — | 8.3 | 11y ago | Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local… | |
| CVE-2014-8757 | high | — | 8.3 | 11y ago | LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | |
| CVE-2014-3392 | high | — | 8.3 | 12y ago | The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(… | |
| CVE-2014-7188 | high | — | 8.3 | 12y ago | The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host cr… | |
| CVE-2014-2375 | high | — | 8.3 | 12y ago | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial… | |
| CVE-2014-2357 | high | — | 8.3 | 12y ago | The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash)… | |
| CVE-2014-3888 | high | — | 8.3 | 12y ago | Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and ear… | |
| CVE-2014-2969 | high | — | 8.3 | 12y ago | NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify mem… | |
| CVE-2014-2938 | high | — | 8.3 | 12y ago | Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. | |
| CVE-2014-0782 | high | — | 8.3 | 12y ago | Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM… | |
| CVE-2014-2707 | high | — | 8.3 | 12y ago | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts… | |
| CVE-2014-0777 | high | — | 8.3 | 12y ago | The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafte… | |
| CVE-2014-2250 | high | — | 8.3 | 12y ago | The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic pr… | |
| CVE-2014-2251 | high | — | 8.3 | 12y ago | The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic … | |
| CVE-2014-0784 | high | — | 8.3 | 12y ago | Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. | |
| CVE-2014-1666 | high | — | 8.3 | 13y ago | The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which a… | |
| CVE-2014-0661 | high | — | 8.3 | 13y ago | The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote a… | |
| CVE-2014-9262 | high | 8.2 | 8.2 | 9y ago | The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | |
| CVE-2014-2514 | high | — | 8.2 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allow… | |
| CVE-2014-2513 | high | — | 8.2 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authent… | |
| CVE-2014-2029 | high | 8.1 | 8.1 | 9y ago | The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to… | |
| CVE-2014-8886 | high | 8.1 | 8.1 | 11y ago | AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and co… | |
| CVE-2014-4422 | high | 8.1 | 8.1 | 12y ago | The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardeni… | |
| CVE-2014-3053 | high | — | 8.0 | 12y ago | The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.… | |
| CVE-2014-3560 | high | — | 7.9 | 12y ago | NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a… | |
| CVE-2014-1649 | high | — | 7.9 | 12y ago | The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |
| CVE-2014-0356 | high | — | 7.9 | 12y ago | The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_langua… | |
| CVE-2014-0355 | high | — | 7.9 | 12y ago | Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp att… | |
| CVE-2014-2033 | high | — | 7.9 | 12y ago | The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users t… |