CVEs from 2014
Total
7,864
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-6625 | critical | — | 9.0 | 12y ago | The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2014-2177 | critical | — | 9.0 | 12y ago | The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote aut… | |||
| CVE-2014-7875 | critical | — | 9.0 | 12y ago | Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or caus… | |||
| CVE-2014-6560 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6546 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ… | |||
| CVE-2014-6545 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6467 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-6455 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, … | |||
| CVE-2014-6453 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrit… | |||
| CVE-2014-3389 | critical | — | 9.0 | 12y ago | The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), … | |||
| CVE-2014-5502 | critical | — | 9.0 | 12y ago | The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveu… | |||
| CVE-2014-4868 | critical | — | 9.0 | 12y ago | The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console comma… | |||
| CVE-2014-2593 | critical | — | 9.0 | 12y ago | The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as dem… | |||
| CVE-2014-3333 | critical | — | 9.0 | 12y ago | The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files … | |||
| CVE-2014-2366 | critical | — | 9.0 | 12y ago | upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||
| CVE-2014-2606 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. | |||
| CVE-2014-3816 | critical | — | 9.0 | 12y ago | Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 bef… | |||
| CVE-2014-2197 | critical | — | 9.0 | 12y ago | The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which all… | |||
| CVE-2014-2613 | critical | — | 9.0 | 12y ago | Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privil… | |||
| CVE-2014-2611 | critical | — | 9.0 | 12y ago | Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or… | |||
| CVE-2014-2959 | critical | — | 9.0 | 12y ago | logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote … | |||
| CVE-2014-3790 | critical | — | 9.0 | 12y ago | Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | |||
| CVE-2014-2504 | critical | — | 9.0 | 12y ago | EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… | |||
| CVE-2014-0251 | critical | — | 9.0 | 12y ago | Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 S… | |||
| CVE-2014-2170 | critical | — | 9.0 | 12y ago | Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume… | |||
| CVE-2014-2169 | critical | — | 9.0 | 12y ago | Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s… | |||
| CVE-2014-0187 | critical | — | 9.0 | 12y ago | The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a s… | |||
| CVE-2014-0359 | critical | — | 9.0 | 12y ago | Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer. | |||
| CVE-2014-0632 | critical | — | 9.0 | 12y ago | Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||
| CVE-2014-0679 | critical | — | 9.0 | 12y ago | Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via … | |||
| CVE-2014-0622 | critical | — | 9.0 | 13y ago | The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, w… | |||
| CVE-2014-0649 | critical | — | 9.0 | 13y ago | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access … | |||
| CVE-2014-8157 | critical | — | 7.5 | 12y ago | Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2… | |||
| CVE-2014-8138 | critical | — | 7.5 | 12y ago | Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG … | |||
| CVE-2014-9029 | critical | — | 7.5 | 12y ago | Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via… | |||
| CVE-2014-8158 | critical | — | 6.8 | 12y ago | Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 200… | |||
| CVE-2014-8137 | critical | — | 6.8 | 12y ago | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cr… | |||
| CVE-2014-6278 | unknown | — | 2.5 | 8mo ago | GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment. | |||
| CVE-2014-0497 | unknown | — | 2.5 | 2y ago | Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. | |||
| CVE-2014-100005 | unknown | — | 2.5 | 2y ago | D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session. | |||
| CVE-2014-8361 | unknown | — | 2.5 | 3y ago | Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request. | |||
| CVE-2014-0196 | unknown | — | 2.5 | 3y ago | Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with l… | |||
| CVE-2014-3153 | unknown | — | 2.5 | 4y ago | The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | |||
| CVE-2014-3120 | unknown | — | 2.5 | 4y ago | Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. | |||
| CVE-2014-0322 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. | |||
| CVE-2014-4113 | unknown | — | 2.5 | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2014-0160 | unknown | — | 2.5 | 4y ago | The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. | |||
| CVE-2014-0780 | unknown | — | 2.5 | 4y ago | InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution. | |||
| CVE-2014-6324 | unknown | — | 2.5 | 4y ago | The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges. | |||
| CVE-2014-6287 | unknown | — | 2.5 | 4y ago | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs. | |||
| CVE-2014-6332 | unknown | — | 2.5 | 4y ago | OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site. | |||
| CVE-2014-4114 | unknown | — | 2.5 | 4y ago | A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. | |||
| CVE-2014-6352 | unknown | — | 2.5 | 4y ago | Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object. | |||
| CVE-2014-1761 | unknown | — | 2.5 | 4y ago | Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. | |||
| CVE-2014-4404 | unknown | — | 2.5 | 4y ago | Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. | |||
| CVE-2014-6271 | unknown | — | 2.5 | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. | |||
| CVE-2014-7169 | unknown | — | 2.5 | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vul… | |||
| CVE-2014-1812 | unknown | — | 2.5 | 5y ago | Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker … | |||
| CVE-2014-3931 | unknown | — | 1.5 | 11mo ago | Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption. | |||
| CVE-2014-2120 | unknown | — | 1.5 | 2y ago | Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2014-0502 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. | |||
| CVE-2014-4148 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. | |||
| CVE-2014-2817 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | |||
| CVE-2014-0546 | unknown | — | 1.5 | 4y ago | Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context. | |||
| CVE-2014-4123 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | |||
| CVE-2014-8439 | unknown | — | 1.5 | 4y ago | Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. | |||
| CVE-2014-4077 | unknown | — | 1.5 | 4y ago | Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanes… | |||
| CVE-2014-9163 | unknown | — | 1.5 | 4y ago | Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely. | |||
| CVE-2014-0496 | unknown | — | 1.5 | 4y ago | Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution. | |||
| CVE-2014-1776 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user. | |||
| CVE-2014-0130 | unknown | — | 1.5 | 12y ago | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted re… | |||
| CVE-2014-2030 | unknown | — | 1.0 | — | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary… | |||
| CVE-2014-1947 | unknown | — | 1.0 | — | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary … | |||
| CVE-2014-9390 | unknown | — | 1.0 | 4y ago | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; … | |||
| CVE-2014-2079 | unknown | — | — | — | X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba a… | |||
| CVE-2014-3495 | unknown | — | — | — | duplicity 0.6.24 has improper verification of SSL certificates | |||
| CVE-2014-0144 | unknown | — | — | — | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input va… | |||
| CVE-2014-8126 | unknown | — | — | — | The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. | |||
| CVE-2014-0147 | unknown | — | — | — | Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while… | |||
| CVE-2014-0148 | unknown | — | — | — | Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_s… | |||
| CVE-2014-3471 | unknown | — | — | — | Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virti… | |||
| CVE-2014-8184 | unknown | — | — | — | A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause appl… | |||
| CVE-2014-0048 | unknown | — | — | — | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||
| CVE-2014-8178 | unknown | — | — | — | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a cra… | |||
| CVE-2014-3180 | unknown | — | — | — | In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting com… | |||
| CVE-2014-1958 | unknown | — | — | — | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld stri… | |||
| CVE-2014-3519 | unknown | — | — | — | The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH cap… | |||
| CVE-2014-8171 | unknown | — | — | — | The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | |||
| CVE-2014-8179 | unknown | — | — | — | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to injec… | |||
| CVE-2014-5282 | unknown | — | — | — | Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. | |||
| CVE-2014-8181 | unknown | — | — | — | The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. | |||
| CVE-2014-7210 | unknown | — | — | — | pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissi… | |||
| CVE-2014-8561 | unknown | — | — | — | imagemagick 6.8.9.6 has remote DOS via infinite loop | |||
| CVE-2014-5278 | unknown | — | — | — | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | |||
| CVE-2014-125087 | unknown | — | — | 3y ago | java-xmlbuilder vulnerable to XML External Entity Reference | |||
| CVE-2014-3599 | unknown | — | — | 4y ago | HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2014-9720 | unknown | — | — | 4y ago | Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determi… | |||
| CVE-2014-4172 | unknown | — | — | 4y ago | Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability | |||
| CVE-2014-3643 | unknown | — | — | 4y ago | jersey: XXE via parameter entities | |||
| CVE-2014-3652 | unknown | — | — | 4y ago | JBoss KeyCloak Open Redirect |