CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5951 CVE-2014-8459 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158.
5952 CVE-2014-8458 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
5953 CVE-2014-8457 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159.
5954 CVE-2014-8456 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
5955 CVE-2014-8455 Exec Code 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165.
5956 CVE-2014-8454 Exec Code 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165.
5957 CVE-2014-8449 189 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
5958 CVE-2014-8447 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
5959 CVE-2014-8446 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
5960 CVE-2014-8445 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
5961 CVE-2014-8443 Exec Code 2014-12-10 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors.
5962 CVE-2014-8441 DoS Exec Code Mem. Corr. 2014-11-11 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440.
5963 CVE-2014-8440 DoS Exec Code Mem. Corr. 2014-11-11 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
5964 CVE-2014-8439 119 DoS Exec Code Overflow 2014-11-25 2017-09-07
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
5965 CVE-2014-8438 Exec Code 2014-11-11 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-0588.
5966 CVE-2014-8423 74 Exec Code 2014-11-28 2014-11-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.
5967 CVE-2014-8420 20 Exec Code 2014-11-25 2018-03-12
9.0
Admin Remote Low Single system Complete Complete Complete
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
5968 CVE-2014-8418 264 +Priv 2014-11-24 2014-11-25
9.0
None Remote Low Single system Complete Complete Complete
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
5969 CVE-2014-8389 78 2017-12-27 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.
5970 CVE-2014-8387 78 Exec Code 2014-11-20 2018-10-09
9.0
None Remote Low Single system Complete Complete Complete
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
5971 CVE-2014-8385 119 Exec Code Overflow 2015-02-12 2015-02-13
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.
5972 CVE-2014-8384 2015-05-18 2015-05-19
9.4
None Remote Low Not required None Complete Complete
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request.
5973 CVE-2014-8383 Bypass 2015-05-18 2015-05-19
10.0
None Remote Low Not required Complete Complete Complete
The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html.
5974 CVE-2014-8373 264 +Priv 2014-12-11 2018-10-09
9.0
Admin Remote Low Single system Complete Complete Complete
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.
5975 CVE-2014-8368 264 Exec Code +Priv 2014-11-25 2018-12-20
9.0
None Remote Low Single system Complete Complete Complete
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
5976 CVE-2014-8362 284 2017-01-23 2017-01-25
10.0
None Remote Low Not required Complete Complete Complete
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.
5977 CVE-2014-8361 20 Exec Code 2015-05-01 2017-01-02
10.0
None Remote Low Not required Complete Complete Complete
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.
5978 CVE-2014-8358 426 +Priv 2017-12-11 2017-12-29
9.3
None Remote Medium Not required Complete Complete Complete
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.
5979 CVE-2014-8329 287 +Info 2014-10-20 2014-10-22
10.0
None Remote Low Not required Complete Complete Complete
Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.
5980 CVE-2014-8170 134 Exec Code 2017-09-25 2017-10-11
9.0
None Remote Low Single system Complete Complete Complete
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
5981 CVE-2014-8165 345 Exec Code 2015-02-19 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
5982 CVE-2014-8118 189 Exec Code Overflow 2014-12-16 2018-11-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
5983 CVE-2014-7985 22 Dir. Trav. 2014-10-31 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
5984 CVE-2014-7921 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
5985 CVE-2014-7920 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
5986 CVE-2014-7917 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
5987 CVE-2014-7916 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
5988 CVE-2014-7915 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
5989 CVE-2014-7898 Exec Code 2015-03-09 2015-03-17
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors.
5990 CVE-2014-7897 Exec Code 2015-03-09 2015-03-17
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners.
5991 CVE-2014-7895 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505.
5992 CVE-2014-7894 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506.
5993 CVE-2014-7893 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507.
5994 CVE-2014-7892 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.
5995 CVE-2014-7891 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.
5996 CVE-2014-7890 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.
5997 CVE-2014-7889 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511.
5998 CVE-2014-7888 Exec Code 2015-03-09 2015-03-12
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512.
5999 CVE-2014-7885 2015-03-13 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.
6000 CVE-2014-7884 2015-03-13 2016-08-24
9.0
None Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.