CVEs from 2014
- Total: 7,862
- Critical: 837
- High: 1,288
- Medium: 4,980
- Low: 583
- % Critical: 10.6%
- % with KEV: 0.4%
- % with exploit: 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9093 | high | — | 7.5 | 12y ago | LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | |||
| CVE-2014-9028 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||
| CVE-2014-8962 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | |||
| CVE-2014-8002 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||
| CVE-2014-8001 | high | — | 7.5 | 12y ago | Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. | |||
| CVE-2014-8367 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecifi… | |||
| CVE-2014-8413 | high | — | 7.5 | 12y ago | The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to by… | |||
| CVE-2014-7845 | high | — | 7.5 | 12y ago | Moodle Temporary Passwords are Brute Force-able | |||
| CVE-2014-8626 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2014-9024 | high | — | 7.5 | 12y ago | The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | |||
| CVE-2014-7908 | high | — | 7.5 | 12y ago | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecif… | |||
| CVE-2014-7907 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial … | |||
| CVE-2014-7906 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flas… | |||
| CVE-2014-7904 | high | — | 7.5 | 12y ago | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2014-7903 | high | — | 7.5 | 12y ago | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a … | |||
| CVE-2014-7902 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF … | |||
| CVE-2014-7901 | high | — | 7.5 | 12y ago | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to c… | |||
| CVE-2014-7900 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attacke… | |||
| CVE-2014-4457 | high | — | 7.5 | 12y ago | The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted app… | |||
| CVE-2014-0250 | high | — | 7.5 | 12y ago | Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress f… | |||
| CVE-2014-3158 | high | — | 7.5 | 12y ago | Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which trigge… | |||
| CVE-2014-5424 | high | — | 7.5 | 12y ago | Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid prop… | |||
| CVE-2014-8554 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the proje… | |||
| CVE-2014-3674 | high | — | 7.5 | 12y ago | Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |||
| CVE-2014-8442 | high | — | 7.5 | 12y ago | Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe … | |||
| CVE-2014-0583 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK… | |||
| CVE-2014-3687 | high | 7.5 | 7.5 | 12y ago | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplic… | |||
| CVE-2014-3673 | high | 7.5 | 7.5 | 12y ago | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and ne… | |||
| CVE-2014-3693 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly ex… | |||
| CVE-2014-8668 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8664 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8663 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8351 | high | — | 7.5 | 12y ago | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the … | |||
| CVE-2014-8549 | high | — | 7.5 | 12y ago | libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have u… | |||
| CVE-2014-8548 | high | — | 7.5 | 12y ago | Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime… | |||
| CVE-2014-8547 | high | — | 7.5 | 12y ago | libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified othe… | |||
| CVE-2014-8546 | high | — | 7.5 | 12y ago | Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cine… | |||
| CVE-2014-8545 | high | — | 7.5 | 12y ago | libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of… | |||
| CVE-2014-8544 | high | — | 7.5 | 12y ago | libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecifi… | |||
| CVE-2014-8543 | high | — | 7.5 | 12y ago | libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bound… | |||
| CVE-2014-8542 | high | — | 7.5 | 12y ago | libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have … | |||
| CVE-2014-8541 | high | — | 7.5 | 12y ago | libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attacker… | |||
| CVE-2014-5417 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |||
| CVE-2014-5408 | high | — | 7.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2014-2374 | high | — | 7.5 | 12y ago | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | |||
| CVE-2014-2373 | high | — | 7.5 | 12y ago | The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | |||
| CVE-2014-0222 | high | — | 7.5 | 12y ago | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | |||
| CVE-2014-0182 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. | |||
| CVE-2014-8474 | high | — | 7.5 | 12y ago | CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption)… | |||
| CVE-2014-8588 | high | — | 7.5 | 12y ago | SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-8587 | high | — | 7.5 | 12y ago | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) sign… | |||
| CVE-2014-8339 | high | — | 7.5 | 12y ago | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. | |||
| CVE-2014-0490 | high | — | 7.5 | 12y ago | The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | |||
| CVE-2014-0489 | high | — | 7.5 | 12y ago | APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | |||
| CVE-2014-0487 | high | — | 7.5 | 12y ago | APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | |||
| CVE-2014-8350 | high | — | 7.5 | 12y ago | Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | |||
| CVE-2014-5271 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 al… | |||
| CVE-2014-3634 | high | — | 7.5 | 12y ago | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact … | |||
| CVE-2014-2015 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow a… | |||
| CVE-2014-8244 | high | — | 7.5 | 12y ago | Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,… | |||
| CVE-2014-8509 | high | — | 7.5 | 12y ago | The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Imprope… | |||
| CVE-2014-8081 | high | — | 7.5 | 12y ago | lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. | |||
| CVE-2014-3446 | high | — | 7.5 | 12y ago | SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | |||
| CVE-2014-8533 | high | — | 7.5 | 12y ago | McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. | |||
| CVE-2014-8530 | high | — | 7.5 | 12y ago | Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown … | |||
| CVE-2014-8522 | high | — | 7.5 | 12y ago | The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. | |||
| CVE-2014-3669 | high | — | 7.5 | 12y ago | Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of servic… | |||
| CVE-2014-8506 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. | |||
| CVE-2014-1927 | high | — | 7.5 | 12y ago | The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as … | |||
| CVE-2014-3677 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. | |||
| CVE-2014-3676 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." | |||
| CVE-2014-8366 | high | — | 7.5 | 12y ago | SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. | |||
| CVE-2014-8363 | high | — | 7.5 | 12y ago | SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||
| CVE-2014-4840 | high | — | 7.5 | 12y ago | IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. | |||
| CVE-2014-4427 | high | — | 7.5 | 12y ago | App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. | |||
| CVE-2014-2063 | high | — | 7.5 | 12y ago | Jenkins Vulnerable to Clickjacking | |||
| CVE-2014-8240 | high | — | 7.5 | 12y ago | Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-base… | |||
| CVE-2014-3666 | high | — | 7.5 | 12y ago | Jenkins allows for Code Execution via Crafted Packet to the CLI | |||
| CVE-2014-6500 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERV… | |||
| CVE-2014-6491 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER… | |||
| CVE-2014-4278 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality… | |||
| CVE-2014-4276 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). | |||
| CVE-2014-8294 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username o… | |||
| CVE-2014-1581 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary cod… | |||
| CVE-2014-1578 | high | — | 7.5 | 12y ago | The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and appl… | |||
| CVE-2014-1576 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbit… | |||
| CVE-2014-1575 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2014-1574 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of s… | |||
| CVE-2014-8766 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified p… | |||
| CVE-2014-6379 | high | — | 7.5 | 12y ago | Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, … | |||
| CVE-2014-4313 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field. | |||
| CVE-2014-5297 | high | — | 7.5 | 12y ago | The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSR… | |||
| CVE-2014-2649 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2014-2638 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. | |||
| CVE-2014-2637 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. | |||
| CVE-2014-2636 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. | |||
| CVE-2014-2635 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. | |||
| CVE-2014-7984 | high | — | 7.5 | 12y ago | Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. | |||
| CVE-2014-6632 | high | — | 7.5 | 12y ago | Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | |||
| CVE-2014-6394 | high | — | 7.5 | 12y ago | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as d… |