CVEs from 2014
- Total 7,862
- critical 837
- high 1,288
- medium 4,980
- low 583
- % Critical 10.6%
- % with KEV 0.4%
- % with exploit 9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0592 | high | — | 7.5 | 12y ago | Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass secur… | |||
| CVE-2014-0635 | high | — | 7.5 | 12y ago | Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2014-2034 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." | |||
| CVE-2014-1645 | high | — | 7.5 | 12y ago | SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspe… | |||
| CVE-2014-1644 | high | — | 7.5 | 12y ago | The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providin… | |||
| CVE-2014-0880 | high | — | 7.5 | 12y ago | IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CL… | |||
| CVE-2014-0133 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. | |||
| CVE-2014-0003 | high | — | 7.5 | 12y ago | Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods | |||
| CVE-2014-0002 | high | — | 7.5 | 12y ago | Apache Camel's XSLT component allows remote attackers to read arbitrary files | |||
| CVE-2014-1609 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in … | |||
| CVE-2014-1505 | high | 7.5 | 7.5 | 12y ago | The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement… | |||
| CVE-2014-1608 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in … | |||
| CVE-2014-0057 | high | — | 7.5 | 12y ago | The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unsp… | |||
| CVE-2014-1715 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. | |||
| CVE-2014-1714 | high | — | 7.5 | 12y ago | The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does n… | |||
| CVE-2014-1713 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before … | |||
| CVE-2014-1711 | high | — | 7.5 | 12y ago | The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown … | |||
| CVE-2014-1710 | high | — | 7.5 | 12y ago | The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain… | |||
| CVE-2014-1707 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. | |||
| CVE-2014-1706 | high | — | 7.5 | 12y ago | crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors. | |||
| CVE-2014-1705 | high | — | 7.5 | 12y ago | Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly ha… | |||
| CVE-2014-1703 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome befor… | |||
| CVE-2014-1702 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome befo… | |||
| CVE-2014-1700 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspe… | |||
| CVE-2014-0895 | high | — | 7.5 | 12y ago | Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList pr… | |||
| CVE-2014-2240 | high | — | 7.5 | 12y ago | Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary co… | |||
| CVE-2014-2311 | high | — | 7.5 | 12y ago | SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-2318 | high | — | 7.5 | 12y ago | SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||
| CVE-2014-2322 | high | — | 7.5 | 12y ago | Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters | |||
| CVE-2014-2316 | high | — | 7.5 | 12y ago | SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php.… | |||
| CVE-2014-1939 | high | — | 7.5 | 12y ago | java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute ar… | |||
| CVE-2014-1884 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso… | |||
| CVE-2014-1883 | high | — | 7.5 | 12y ago | Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resour… | |||
| CVE-2014-1882 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that … | |||
| CVE-2014-1881 | high | — | 7.5 | 12y ago | Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that … | |||
| CVE-2014-1262 | high | — | 7.5 | 12y ago | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. | |||
| CVE-2014-1261 | high | — | 7.5 | 12y ago | Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | |||
| CVE-2014-1256 | high | — | 7.5 | 12y ago | Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||
| CVE-2014-1255 | high | — | 7.5 | 12y ago | Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach mes… | |||
| CVE-2014-0818 | high | — | 7.5 | 13y ago | Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path. | |||
| CVE-2014-0734 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execu… | |||
| CVE-2014-1921 | high | — | 7.5 | 13y ago | parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors. | |||
| CVE-2014-0729 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a craf… | |||
| CVE-2014-0728 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted UR… | |||
| CVE-2014-0727 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via… | |||
| CVE-2014-0726 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands vi… | |||
| CVE-2014-0045 | high | — | 7.5 | 13y ago | The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b26… | |||
| CVE-2014-1697 | high | — | 7.5 | 13y ago | The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. | |||
| CVE-2014-1487 | high | 7.5 | 7.5 | 13y ago | The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Polic… | |||
| CVE-2014-1485 | high | — | 7.5 | 13y ago | The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directiv… | |||
| CVE-2014-1481 | high | 7.5 | 7.5 | 13y ago | Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging in… | |||
| CVE-2014-1479 | high | 7.5 | 7.5 | 13y ago | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operatio… | |||
| CVE-2014-1471 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows… | |||
| CVE-2014-0001 | high | — | 7.5 | 13y ago | Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server … | |||
| CVE-2014-0838 | high | — | 7.5 | 13y ago | The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server. | |||
| CVE-2014-0810 | high | — | 7.5 | 13y ago | Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attacke… | |||
| CVE-2014-1475 | high | — | 7.5 | 13y ago | The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. | |||
| CVE-2014-1252 | high | — | 7.5 | 13y ago | Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft W… | |||
| CVE-2014-0792 | high | — | 7.5 | 13y ago | Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types. | |||
| CVE-2014-1466 | high | — | 7.5 | 13y ago | SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. | |||
| CVE-2014-0424 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |||
| CVE-2014-0373 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servic… | |||
| CVE-2014-0752 | high | — | 7.5 | 13y ago | The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | |||
| CVE-2014-3969 | high | — | 7.4 | 12y ago | Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. | |||
| CVE-2014-0049 | high | — | 7.4 | 12y ago | Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that… | |||
| CVE-2014-1266 | high | 7.4 | 7.4 | 13y ago | The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6… | |||
| CVE-2014-0691 | high | 7.3 | 7.3 | 9y ago | Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, … | |||
| CVE-2014-0097 | high | 7.3 | 7.3 | 9y ago | Improper Authentication in Spring Security | |||
| CVE-2014-9769 | high | 7.3 | 7.3 | 10y ago | pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly hav… | |||
| CVE-2014-9426 | high | 7.3 | 7.3 | 12y ago | The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attacke… | |||
| CVE-2014-4608 | high | 7.3 | 7.3 | 12y ago | Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to caus… | |||
| CVE-2014-1692 | high | 7.3 | 7.3 | 13y ago | The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attack… | |||
| CVE-2014-5362 | high | 7.2 | 7.2 | 9y ago | The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1)… | |||
| CVE-2014-8173 | high | — | 7.2 | 11y ago | The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) ent… | |||
| CVE-2014-6184 | high | — | 7.2 | 11y ago | Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UN… | |||
| CVE-2014-6185 | high | — | 7.2 | 12y ago | dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to … | |||
| CVE-2014-8825 | high | — | 7.2 | 12y ago | The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-ser… | |||
| CVE-2014-8821 | high | — | 7.2 | 12y ago | The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8820. | |||
| CVE-2014-8820 | high | — | 7.2 | 12y ago | The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821. | |||
| CVE-2014-8819 | high | — | 7.2 | 12y ago | The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821. | |||
| CVE-2014-8920 | high | — | 7.2 | 12y ago | Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-8148 | high | — | 7.2 | 12y ago | The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root… | |||
| CVE-2014-6524 | high | — | 7.2 | 12y ago | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |||
| CVE-2014-6521 | high | — | 7.2 | 12y ago | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. | |||
| CVE-2014-6510 | high | — | 7.2 | 12y ago | Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. | |||
| CVE-2014-1949 | high | — | 7.2 | 12y ago | GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | |||
| CVE-2014-9600 | high | — | 7.2 | 12y ago | Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll. | |||
| CVE-2014-0748 | high | — | 7.2 | 12y ago | apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified … | |||
| CVE-2014-7300 | high | — | 7.2 | 12y ago | GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to ex… | |||
| CVE-2014-7995 | high | — | 7.2 | 12y ago | Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka… | |||
| CVE-2014-8609 | high | — | 7.2 | 12y ago | The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers… | |||
| CVE-2014-7911 | high | — | 7.2 | 12y ago | luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the re… | |||
| CVE-2014-8956 | high | — | 7.2 | 12y ago | Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrar… | |||
| CVE-2014-7136 | high | — | 7.2 | 12y ago | Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary c… | |||
| CVE-2014-8003 | high | — | 7.2 | 12y ago | Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. | |||
| CVE-2014-2608 | high | — | 7.2 | 12y ago | Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently g… | |||
| CVE-2014-8651 | high | — | 7.2 | 12y ago | The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. | |||
| CVE-2014-7253 | high | — | 7.2 | 12y ago | FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-2273 | high | — | 7.2 | 12y ago | The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | |||
| CVE-2014-8419 | high | — | 7.2 | 12y ago | Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. |