CVEs from 2014
Total
7,865
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4194 | high | — | 8.5 | 12y ago | SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action. | |||
| CVE-2014-3300 | high | — | 8.5 | 12y ago | The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows rem… | |||
| CVE-2014-4644 | high | — | 8.5 | 12y ago | SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-0007 | high | — | 8.5 | 12y ago | The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | |||
| CVE-2014-4334 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001. | |||
| CVE-2014-4307 | high | — | 8.5 | 12y ago | SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | |||
| CVE-2014-4158 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request. | |||
| CVE-2014-2303 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL… | |||
| CVE-2014-4034 | high | — | 8.5 | 12y ago | SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||
| CVE-2014-2777 | high | — | 8.5 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulne… | |||
| CVE-2014-2507 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in ar… | |||
| CVE-2014-2506 | high | — | 8.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, … | |||
| CVE-2014-3962 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||
| CVE-2014-3961 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter i… | |||
| CVE-2014-3935 | high | — | 8.5 | 12y ago | SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | |||
| CVE-2014-3934 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | |||
| CVE-2014-3871 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via t… | |||
| CVE-2014-2607 | high | — | 8.5 | 12y ago | Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role. | |||
| CVE-2014-3789 | high | — | 8.5 | 12y ago | GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2014-3749 | high | — | 8.5 | 12y ago | SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp. | |||
| CVE-2014-3757 | high | — | 8.5 | 12y ago | SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the so… | |||
| CVE-2014-1813 | high | — | 8.5 | 12y ago | Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability." | |||
| CVE-2014-2934 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||
| CVE-2014-2913 | high | — | 8.5 | 12y ago | Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to… | |||
| CVE-2014-3139 | high | — | 8.5 | 12y ago | recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. | |||
| CVE-2014-0114 | high | — | 8.5 | 12y ago | Arbitrary code execution in Apache Commons BeanUtils | |||
| CVE-2014-0113 | high | — | 8.5 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-0112 | high | — | 8.5 | 12y ago | ClassLoader manipulation in Apache Struts | |||
| CVE-2014-2846 | high | — | 8.5 | 12y ago | Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute a… | |||
| CVE-2014-1762 | high | — | 8.5 | 12y ago | Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via … | |||
| CVE-2014-1216 | high | — | 8.5 | 12y ago | Improper Neutralization of Special Elements used in a Command in FitNesse Wiki | |||
| CVE-2014-2921 | high | — | 8.5 | 12y ago | Pimcore Vulnerable to PHP Object Injection Attacks | |||
| CVE-2014-2406 | high | — | 8.5 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and … | |||
| CVE-2014-0763 | high | — | 8.5 | 12y ago | An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to… | |||
| CVE-2014-2847 | high | — | 8.5 | 12y ago | SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | |||
| CVE-2014-2540 | high | — | 8.5 | 12y ago | SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_direc… | |||
| CVE-2014-2126 | high | — | 8.5 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to ga… | |||
| CVE-2014-1691 | high | — | 8.5 | 12y ago | The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted se… | |||
| CVE-2014-0050 | high | — | 8.5 | 12y ago | Commons FileUpload Denial of service vulnerability | |||
| CVE-2014-2119 | high | — | 8.5 | 12y ago | The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Applian… | |||
| CVE-2014-1945 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | |||
| CVE-2014-0629 | high | — | 8.5 | 12y ago | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote aut… | |||
| CVE-2014-2211 | high | — | 8.5 | 12y ago | SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | |||
| CVE-2014-2013 | high | — | 8.5 | 12y ago | Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the Context… | |||
| CVE-2014-1912 | high | — | 8.5 | 12y ago | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code … | |||
| CVE-2014-1854 | high | — | 8.5 | 12y ago | SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitr… | |||
| CVE-2014-1597 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the de… | |||
| CVE-2014-1903 | high | — | 8.5 | 13y ago | admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the A… | |||
| CVE-2014-1204 | high | — | 8.5 | 13y ago | SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be… | |||
| CVE-2014-0750 | high | — | 8.5 | 13y ago | Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLI… | |||
| CVE-2014-1636 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin… | |||
| CVE-2014-1619 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agen… | |||
| CVE-2014-1618 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter … | |||
| CVE-2014-1206 | high | — | 8.5 | 13y ago | SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base… | |||
| CVE-2014-0224 | high | 7.4 | 8.4 | 12y ago | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a z… | |||
| CVE-2014-2174 | high | — | 8.3 | 11y ago | Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local… | |||
| CVE-2014-8757 | high | — | 8.3 | 12y ago | LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | |||
| CVE-2014-3392 | high | — | 8.3 | 12y ago | The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(… | |||
| CVE-2014-7188 | high | — | 8.3 | 12y ago | The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host cr… | |||
| CVE-2014-2375 | high | — | 8.3 | 12y ago | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial… | |||
| CVE-2014-2357 | high | — | 8.3 | 12y ago | The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash)… | |||
| CVE-2014-2969 | high | — | 8.3 | 12y ago | NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify mem… | |||
| CVE-2014-2938 | high | — | 8.3 | 12y ago | Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. | |||
| CVE-2014-2707 | high | — | 8.3 | 12y ago | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts… | |||
| CVE-2014-0777 | high | — | 8.3 | 12y ago | The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafte… | |||
| CVE-2014-2250 | high | — | 8.3 | 12y ago | The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic pr… | |||
| CVE-2014-2251 | high | — | 8.3 | 12y ago | The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic … | |||
| CVE-2014-1666 | high | — | 8.3 | 13y ago | The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which a… | |||
| CVE-2014-0661 | high | — | 8.3 | 13y ago | The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote a… | |||
| CVE-2014-9619 | high | 7.2 | 8.2 | 9y ago | Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with a… | |||
| CVE-2014-7872 | high | — | 8.2 | 11y ago | Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server. | |||
| CVE-2014-7822 | high | — | 8.2 | 11y ago | The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a den… | |||
| CVE-2014-9643 | high | — | 8.2 | 12y ago | K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via … | |||
| CVE-2014-9642 | high | — | 8.2 | 12y ago | bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain priv… | |||
| CVE-2014-9641 | high | — | 8.2 | 12y ago | The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privile… | |||
| CVE-2014-9632 | high | — | 8.2 | 12y ago | The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations… | |||
| CVE-2014-0998 | high | — | 8.2 | 12y ago | Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges … | |||
| CVE-2014-9226 | high | — | 8.2 | 12y ago | The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass i… | |||
| CVE-2014-8904 | high | — | 8.2 | 12y ago | lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||
| CVE-2014-4322 | high | — | 8.2 | 12y ago | drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain… | |||
| CVE-2014-7286 | high | — | 8.2 | 12y ago | Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-7208 | high | — | 8.2 | 12y ago | GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | |||
| CVE-2014-9141 | high | — | 8.2 | 12y ago | The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | |||
| CVE-2014-9113 | high | — | 8.2 | 12y ago | CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktop… | |||
| CVE-2014-5284 | high | — | 8.2 | 12y ago | host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root… | |||
| CVE-2014-8359 | high | — | 8.2 | 12y ago | Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.d… | |||
| CVE-2014-4076 | high | — | 8.2 | 12y ago | Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." | |||
| CVE-2014-5507 | high | — | 8.2 | 12y ago | iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. | |||
| CVE-2014-3631 | high | — | 8.2 | 12y ago | The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to … | |||
| CVE-2014-5453 | high | — | 8.2 | 12y ago | Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privil… | |||
| CVE-2014-4971 | high | — | 8.2 | 12y ago | Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a cra… | |||
| CVE-2014-1767 | high | — | 8.2 | 12y ago | Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win… | |||
| CVE-2014-2514 | high | — | 8.2 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allow… | |||
| CVE-2014-2513 | high | — | 8.2 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authent… | |||
| CVE-2014-2533 | high | — | 8.2 | 12y ago | /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. | |||
| CVE-2014-1287 | high | — | 8.2 | 12y ago | USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. | |||
| CVE-2014-2029 | high | 8.1 | 8.1 | 9y ago | The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to… | |||
| CVE-2014-8886 | high | 8.1 | 8.1 | 11y ago | AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and co… | |||
| CVE-2014-2022 | high | — | 8.1 | 12y ago | SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conc… | |||
| CVE-2014-4422 | high | 8.1 | 8.1 | 12y ago | The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardeni… |