CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6451 CVE-2014-6626 284 Bypass 2014-11-19 2014-11-19
10.0
Admin Remote Low Not required Complete Complete Complete
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.
6452 CVE-2014-6625 284 +Priv 2014-11-19 2014-11-19
9.0
Admin Remote Low Single system Complete Complete Complete
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.
6453 CVE-2014-6617 798 2018-03-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
6454 CVE-2014-6601 2015-01-21 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
6455 CVE-2014-6567 Exec Code Overflow 2015-01-21 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.
6456 CVE-2014-6562 2014-10-15 2015-02-20
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
6457 CVE-2014-6560 2014-10-15 2014-10-24
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545.
6458 CVE-2014-6549 2015-01-21 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
6459 CVE-2014-6546 2014-10-15 2014-10-24
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
6460 CVE-2014-6545 2014-10-15 2015-11-17
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560.
6461 CVE-2014-6532 2014-10-15 2015-03-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
6462 CVE-2014-6513 2014-10-15 2015-03-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
6463 CVE-2014-6503 2014-10-15 2015-03-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
6464 CVE-2014-6485 2014-10-15 2015-02-20
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
6465 CVE-2014-6467 2014-10-15 2015-11-06
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560.
6466 CVE-2014-6456 2014-10-15 2015-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
6467 CVE-2014-6455 2014-10-15 2015-11-13
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
6468 CVE-2014-6453 2014-10-15 2015-11-17
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560.
6469 CVE-2014-6436 287 Exec Code Bypass 2018-01-12 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
6470 CVE-2014-6434 78 Exec Code 2014-10-07 2014-10-08
10.0
None Remote Low Not required Complete Complete Complete
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.
6471 CVE-2014-6433 94 2014-10-07 2014-10-08
10.0
None Remote Low Not required Complete Complete Complete
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.
6472 CVE-2014-6376 20 DoS Exec Code Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6327 and CVE-2014-6329.
6473 CVE-2014-6375 20 DoS Exec Code Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6474 CVE-2014-6374 119 DoS Exec Code Overflow Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6475 CVE-2014-6373 20 DoS Exec Code Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6476 CVE-2014-6369 20 DoS Exec Code Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6477 CVE-2014-6366 119 DoS Exec Code Overflow Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6478 CVE-2014-6364 Exec Code 2014-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
6479 CVE-2014-6363 399 DoS Exec Code Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
6480 CVE-2014-6361 94 Exec Code 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."
6481 CVE-2014-6360 94 Exec Code 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability."
6482 CVE-2014-6357 Exec Code 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Use After Free Word Remote Code Execution Vulnerability."
6483 CVE-2014-6356 94 Exec Code 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."
6484 CVE-2014-6353 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6485 CVE-2014-6352 94 Exec Code 2014-10-22 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
6486 CVE-2014-6351 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6487 CVE-2014-6348 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342.
6488 CVE-2014-6347 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6489 CVE-2014-6344 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6490 CVE-2014-6343 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6491 CVE-2014-6342 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348.
6492 CVE-2014-6341 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.
6493 CVE-2014-6337 399 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6494 CVE-2014-6335 94 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."
6495 CVE-2014-6334 94 DoS Exec Code Mem. Corr. 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."
6496 CVE-2014-6333 94 Exec Code 2014-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability."
6497 CVE-2014-6332 119 Exec Code Overflow 2014-11-11 2019-05-15
9.3
None Remote Medium Not required Complete Complete Complete
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
6498 CVE-2014-6330 119 DoS Exec Code Overflow Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6499 CVE-2014-6329 119 DoS Exec Code Overflow Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6327 and CVE-2014-6376.
6500 CVE-2014-6327 20 DoS Exec Code Mem. Corr. 2014-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6329 and CVE-2014-6376.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.