CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7151 CVE-2014-1512 399 Exec Code 2014-03-19 2017-12-15
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.
7152 CVE-2014-1511 264 Bypass 2014-03-19 2017-12-15
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
7153 CVE-2014-1510 94 Exec Code 2014-03-19 2017-12-15
9.3
None Remote Medium Not required Complete Complete Complete
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
7154 CVE-2014-1507 22 Dir. Trav. Bypass 2014-03-19 2016-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.
7155 CVE-2014-1494 DoS Exec Code Mem. Corr. 2014-03-19 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
7156 CVE-2014-1493 DoS Exec Code Mem. Corr. 2014-03-19 2017-12-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
7157 CVE-2014-1488 399 Exec Code 2014-02-06 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
7158 CVE-2014-1486 399 Exec Code 2014-02-06 2018-01-02
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
7159 CVE-2014-1482 264 DoS Exec Code 2014-02-06 2018-01-02
10.0
None Remote Low Not required Complete Complete Complete
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
7160 CVE-2014-1478 DoS Exec Code Mem. Corr. 2014-02-06 2018-01-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.
7161 CVE-2014-1477 DoS Exec Code Mem. Corr. 2014-02-06 2018-01-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
7162 CVE-2014-1381 264 DoS Exec Code 2014-07-01 2015-12-22
10.0
None Remote Low Not required Complete Complete Complete
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.
7163 CVE-2014-1379 DoS +Priv 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.
7164 CVE-2014-1377 Exec Code 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.
7165 CVE-2014-1376 264 Exec Code 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.
7166 CVE-2014-1373 264 Exec Code 2014-07-01 2015-11-20
10.0
None Remote Low Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
7167 CVE-2014-1359 189 Exec Code 2014-07-01 2015-12-08
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
7168 CVE-2014-1358 189 Exec Code Overflow 2014-07-01 2015-12-08
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
7169 CVE-2014-1357 119 Exec Code Overflow 2014-07-01 2015-12-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
7170 CVE-2014-1356 119 Exec Code Overflow 2014-07-01 2015-12-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
7171 CVE-2014-1318 20 Exec Code 2014-04-23 2014-04-23
10.0
None Remote Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.
7172 CVE-2014-1314 264 Exec Code Bypass 2014-04-23 2014-04-24
10.0
None Remote Low Not required Complete Complete Complete
WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.
7173 CVE-2014-1303 119 Exec Code Overflow Bypass 2014-03-26 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
7174 CVE-2014-1300 Exec Code 2014-03-26 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.
7175 CVE-2014-1251 119 DoS Exec Code Overflow 2014-02-26 2015-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.
7176 CVE-2014-1250 119 DoS Exec Code Overflow 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.
7177 CVE-2014-1249 119 DoS Exec Code Overflow 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.
7178 CVE-2014-1248 119 DoS Exec Code Overflow 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.
7179 CVE-2014-1247 119 DoS Exec Code Overflow Mem. Corr. 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.
7180 CVE-2014-1246 119 DoS Exec Code Overflow 2014-02-26 2014-02-27
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
7181 CVE-2014-1245 189 DoS Exec Code 2014-02-26 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.
7182 CVE-2014-1244 119 DoS Exec Code Overflow 2014-02-26 2015-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
7183 CVE-2014-1243 119 DoS Exec Code Overflow 2014-02-26 2014-02-27
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.
7184 CVE-2014-1236 119 Overflow 2014-01-10 2017-06-30
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
7185 CVE-2014-1209 20 2014-04-11 2014-04-14
9.3
None Remote Medium Not required Complete Complete Complete
VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.
7186 CVE-2014-1202 94 1 Exec Code 2014-01-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
7187 CVE-2014-1201 119 DoS Exec Code Overflow 2014-01-15 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
7188 CVE-2014-0980 119 1 Exec Code Overflow 2014-02-11 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
7189 CVE-2014-0978 119 Overflow 2014-01-10 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
7190 CVE-2014-0879 119 Exec Code Overflow 2014-03-21 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.
7191 CVE-2014-0862 Exec Code 2014-03-01 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.
7192 CVE-2014-0787 119 Exec Code Overflow 2014-04-12 2017-09-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
7193 CVE-2014-0783 119 Exec Code Overflow 2014-03-14 2015-08-05
9.0
None Remote Low Not required Partial Partial Complete
Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
7194 CVE-2014-0781 119 Exec Code Overflow 2014-03-14 2015-08-05
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
7195 CVE-2014-0769 287 2014-04-25 2014-04-25
9.3
None Remote Medium Not required Complete Complete Complete
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
7196 CVE-2014-0760 287 DoS Exec Code 2014-04-25 2014-04-25
9.3
None Remote Medium Not required Complete Complete Complete
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
7197 CVE-2014-0758 20 2014-02-23 2014-02-24
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
7198 CVE-2014-0754 22 Dir. Trav. 2014-10-03 2016-04-04
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
7199 CVE-2014-0749 119 1 Exec Code Overflow 2014-05-16 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
7200 CVE-2014-0721 264 2014-02-22 2014-03-05
10.0
None Remote Low Not required Complete Complete Complete
The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.