CVEs from 2014
- Total: 7,864
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4621 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated u… | |||
| CVE-2014-2008 | high | — | 8.5 | 12y ago | SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |||
| CVE-2014-6235 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2014-5519 | high | — | 8.5 | 12y ago | The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of the… | |||
| CVE-2014-2223 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a… | |||
| CVE-2014-3094 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code… | |||
| CVE-2014-5119 | high | — | 8.5 | 12y ago | Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code … | |||
| CVE-2014-5073 | high | — | 8.5 | 12y ago | vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call. | |||
| CVE-2014-5097 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to… | |||
| CVE-2014-4618 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. | |||
| CVE-2014-2515 | high | — | 8.5 | 12y ago | EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,… | |||
| CVE-2014-4345 | high | — | 8.5 | 12y ago | Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before … | |||
| CVE-2014-3338 | high | — | 8.5 | 12y ago | The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to … | |||
| CVE-2014-5201 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/a… | |||
| CVE-2014-5200 | high | — | 8.5 | 12y ago | SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-5192 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | |||
| CVE-2014-5189 | high | — | 8.5 | 12y ago | SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-5089 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | |||
| CVE-2014-5082 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (… | |||
| CVE-2014-5112 | high | — | 8.5 | 12y ago | maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | |||
| CVE-2014-5109 | high | — | 8.5 | 12y ago | SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | |||
| CVE-2014-5104 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) a… | |||
| CVE-2014-4725 | high | — | 8.5 | 12y ago | The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-a… | |||
| CVE-2014-2625 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input,… | |||
| CVE-2014-4736 | high | — | 8.5 | 12y ago | SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process. | |||
| CVE-2014-4511 | high | — | 8.5 | 12y ago | Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstra… | |||
| CVE-2014-4960 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbit… | |||
| CVE-2014-2364 | high | — | 8.5 | 12y ago | Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) … | |||
| CVE-2014-2622 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtai… | |||
| CVE-2014-4938 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to w… | |||
| CVE-2014-4852 | high | — | 8.5 | 12y ago | SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-4741 | high | — | 8.5 | 12y ago | SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2014-4194 | high | — | 8.5 | 12y ago | SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action. | |||
| CVE-2014-3300 | high | — | 8.5 | 12y ago | The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows rem… | |||
| CVE-2014-4644 | high | — | 8.5 | 12y ago | SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-0007 | high | — | 8.5 | 12y ago | The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | |||
| CVE-2014-4334 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001. | |||
| CVE-2014-4307 | high | — | 8.5 | 12y ago | SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | |||
| CVE-2014-4158 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||
| CVE-2014-2303 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL… | |||
| CVE-2014-4034 | high | — | 8.5 | 12y ago | SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||
| CVE-2014-2777 | high | — | 8.5 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulne… | |||
| CVE-2014-2507 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in ar… | |||
| CVE-2014-2506 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, … | |||
| CVE-2014-3962 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||
| CVE-2014-3961 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter i… | |||
| CVE-2014-3935 | high | — | 8.5 | 12y ago | SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | |||
| CVE-2014-3934 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | |||
| CVE-2014-3871 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via t… | |||
| CVE-2014-2607 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role. | |||
| CVE-2014-3789 | high | — | 8.5 | 12y ago | GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-3749 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp. | |||
| CVE-2014-3757 | high | — | 8.5 | 12y ago | SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the so… | |||
| CVE-2014-1813 | high | — | 8.5 | 12y ago | Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability." | |||
| CVE-2014-2934 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||
| CVE-2014-2913 | high | — | 8.5 | 12y ago | Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to… | |||
| CVE-2014-3139 | high | — | 8.5 | 12y ago | recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. | |||
| CVE-2014-0114 | high | — | 8.5 | 12y ago | Arbitrary code execution in Apache Commons BeanUtils | |||
| CVE-2014-0113 | high | — | 8.5 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-0112 | high | — | 8.5 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-2846 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute a… | |||
| CVE-2014-1762 | high | — | 8.5 | 12y ago | Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via … | |||
| CVE-2014-1216 | high | — | 8.5 | 12y ago | Improper Neutralization of Special Elements used in a Command in FitNesse Wiki | |||
| CVE-2014-2921 | high | — | 8.5 | 12y ago | Pimcore Vulnerable to PHP Object Injection Attacks | |||
| CVE-2014-2406 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and … | |||
| CVE-2014-0763 | high | — | 8.5 | 12y ago | An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to… | |||
| CVE-2014-2847 | high | — | 8.5 | 12y ago | SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | |||
| CVE-2014-2540 | high | — | 8.5 | 12y ago | SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_direc… | |||
| CVE-2014-2126 | high | — | 8.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to ga… | |||
| CVE-2014-1691 | high | — | 8.5 | 12y ago | The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted se… | |||
| CVE-2014-0050 | high | — | 8.5 | 12y ago | Commons FileUpload Denial of service vulnerability | |||
| CVE-2014-2119 | high | — | 8.5 | 12y ago | The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Applian… | |||
| CVE-2014-1945 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | |||
| CVE-2014-0629 | high | — | 8.5 | 12y ago | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote aut… | |||
| CVE-2014-2211 | high | — | 8.5 | 12y ago | SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | |||
| CVE-2014-2013 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the Context… | |||
| CVE-2014-1912 | high | — | 8.5 | 12y ago | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code … | |||
| CVE-2014-1854 | high | — | 8.5 | 12y ago | SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitr… | |||
| CVE-2014-1597 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the de… | |||
| CVE-2014-1903 | high | — | 8.5 | 13y ago | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the A… | |||
| CVE-2014-1204 | high | — | 8.5 | 13y ago | SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be… | |||
| CVE-2014-0750 | high | — | 8.5 | 13y ago | Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLI… | |||
| CVE-2014-1636 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin… | |||
| CVE-2014-1619 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agen… | |||
| CVE-2014-1618 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter … | |||
| CVE-2014-1206 | high | — | 8.5 | 13y ago | SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base… | |||
| CVE-2014-0224 | high | 7.4 | 8.4 | 12y ago | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z… | |||
| CVE-2014-2174 | high | — | 8.3 | 11y ago | Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local… | |||
| CVE-2014-8757 | high | — | 8.3 | 12y ago | LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | |||
| CVE-2014-3392 | high | — | 8.3 | 12y ago | The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(… | |||
| CVE-2014-7188 | high | — | 8.3 | 12y ago | The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host cr… | |||
| CVE-2014-2375 | high | — | 8.3 | 12y ago | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial… | |||
| CVE-2014-2357 | high | — | 8.3 | 12y ago | The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash)… | |||
| CVE-2014-2969 | high | — | 8.3 | 12y ago | NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify mem… | |||
| CVE-2014-2938 | high | — | 8.3 | 12y ago | Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. | |||
| CVE-2014-2707 | high | — | 8.3 | 12y ago | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts… | |||
| CVE-2014-0777 | high | — | 8.3 | 12y ago | The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafte… | |||
| CVE-2014-2250 | high | — | 8.3 | 12y ago | The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic pr… | |||
| CVE-2014-2251 | high | — | 8.3 | 12y ago | The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic … | |||
| CVE-2014-1666 | high | — | 8.3 | 13y ago | The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which a… |