CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6951 CVE-2014-1303 119 Exec Code Overflow Bypass 2014-03-26 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
6952 CVE-2014-1300 Exec Code 2014-03-26 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.
6953 CVE-2014-1251 119 DoS Exec Code Overflow 2014-02-26 2015-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.
6954 CVE-2014-1250 119 DoS Exec Code Overflow 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.
6955 CVE-2014-1249 119 DoS Exec Code Overflow 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.
6956 CVE-2014-1248 119 DoS Exec Code Overflow 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.
6957 CVE-2014-1247 119 DoS Exec Code Overflow Mem. Corr. 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.
6958 CVE-2014-1246 119 DoS Exec Code Overflow 2014-02-26 2014-02-27
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
6959 CVE-2014-1245 189 DoS Exec Code 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.
6960 CVE-2014-1244 119 DoS Exec Code Overflow 2014-02-26 2015-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
6961 CVE-2014-1243 119 DoS Exec Code Overflow 2014-02-26 2014-02-27
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.
6962 CVE-2014-1236 119 Overflow 2014-01-10 2017-06-30
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
6963 CVE-2014-1209 20 2014-04-11 2014-04-14
9.3
None Remote Medium Not required Complete Complete Complete
VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.
6964 CVE-2014-1202 94 1 Exec Code 2014-01-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
6965 CVE-2014-1201 119 DoS Exec Code Overflow 2014-01-15 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
6966 CVE-2014-0980 119 1 Exec Code Overflow 2014-02-11 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
6967 CVE-2014-0978 119 Overflow 2014-01-10 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
6968 CVE-2014-0879 119 Exec Code Overflow 2014-03-21 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.
6969 CVE-2014-0862 Exec Code 2014-03-01 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
6970 CVE-2014-0787 119 Exec Code Overflow 2014-04-12 2017-09-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
6971 CVE-2014-0783 119 Exec Code Overflow 2014-03-14 2015-08-05
9.0
None Remote Low Not required Partial Partial Complete
Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
6972 CVE-2014-0781 119 Exec Code Overflow 2014-03-14 2015-08-05
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
6973 CVE-2014-0769 287 2014-04-25 2014-04-25
9.3
None Remote Medium Not required Complete Complete Complete
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
6974 CVE-2014-0760 287 DoS Exec Code 2014-04-25 2014-04-25
9.3
None Remote Medium Not required Complete Complete Complete
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
6975 CVE-2014-0758 20 2014-02-23 2014-02-24
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
6976 CVE-2014-0754 22 Dir. Trav. 2014-10-03 2016-04-04
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
6977 CVE-2014-0749 119 1 Exec Code Overflow 2014-05-16 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
6978 CVE-2014-0721 264 2014-02-22 2014-03-05
10.0
None Remote Low Not required Complete Complete Complete
The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.
6979 CVE-2014-0709 255 2014-02-22 2016-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.
6980 CVE-2014-0703 362 Bypass 2014-03-06 2014-03-07
10.0
None Remote Low Not required Complete Complete Complete
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.
6981 CVE-2014-0683 255 2014-03-06 2018-12-15
10.0
None Remote Low Not required Complete Complete Complete
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.
6982 CVE-2014-0679 20 Exec Code 2014-02-27 2019-07-29
9.0
None Remote Low Single system Complete Complete Complete
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.
6983 CVE-2014-0659 78 Exec Code 2014-01-12 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
6984 CVE-2014-0650 20 Exec Code 2014-01-16 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.
6985 CVE-2014-0649 264 2014-01-16 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
6986 CVE-2014-0648 264 2014-01-16 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.
6987 CVE-2014-0632 22 Exec Code Dir. Trav. 2014-04-01 2015-10-13
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.
6988 CVE-2014-0622 264 Bypass 2014-02-06 2018-01-02
9.0
None Remote Low Single system Complete Complete Complete
The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.
6989 CVE-2014-0610 DoS Exec Code 2014-09-04 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
6990 CVE-2014-0609 2014-08-17 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors.
6991 CVE-2014-0607 Exec Code 2014-07-24 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.
6992 CVE-2014-0605 22 Exec Code Dir. Trav. 2015-02-06 2015-02-09
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method.
6993 CVE-2014-0604 22 Exec Code Dir. Trav. 2015-02-06 2015-02-09
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method.
6994 CVE-2014-0603 94 DoS Exec Code Mem. Corr. 2015-02-06 2015-02-09
10.0
None Remote Low Not required Complete Complete Complete
The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher.
6995 CVE-2014-0598 22 Dir. Trav. 2014-06-18 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
6996 CVE-2014-0593 20 Exec Code 2018-06-08 2018-07-31
10.0
None Remote Low Not required Complete Complete Complete
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.
6997 CVE-2014-0590 Exec Code 2014-11-11 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0586.
6998 CVE-2014-0589 119 Exec Code Overflow 2014-11-11 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582.
6999 CVE-2014-0588 Exec Code 2014-11-11 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438.
7000 CVE-2014-0587 94 DoS Exec Code Mem. Corr. 2014-12-10 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.