| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
8001 |
CVE-2014-2303 |
89 |
|
Exec Code Sql |
2014-06-13 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter. |
|
8002 |
CVE-2014-2302 |
94 |
|
|
2018-07-19 |
2018-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. |
|
8003 |
CVE-2014-2294 |
74 |
|
|
2018-04-17 |
2018-05-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php. |
|
8004 |
CVE-2014-2293 |
94 |
|
Exec Code |
2018-03-26 |
2018-04-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. |
|
8005 |
CVE-2014-2292 |
|
|
+Priv |
2014-03-14 |
2014-03-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors. |
|
8006 |
CVE-2014-2286 |
20 |
|
DoS Exec Code |
2014-04-18 |
2014-04-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. |
|
8007 |
CVE-2014-2273 |
264 |
|
|
2014-12-05 |
2017-08-28 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. |
|
8008 |
CVE-2014-2264 |
255 |
|
|
2014-03-02 |
2014-03-03 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. |
|
8009 |
CVE-2014-2259 |
|
|
DoS |
2014-03-16 |
2014-03-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. |
|
8010 |
CVE-2014-2258 |
399 |
|
DoS |
2014-03-24 |
2014-03-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259. |
|
8011 |
CVE-2014-2257 |
|
|
DoS |
2014-03-16 |
2014-03-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets. |
|
8012 |
CVE-2014-2256 |
399 |
|
DoS |
2014-03-24 |
2014-03-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257. |
|
8013 |
CVE-2014-2255 |
|
|
DoS |
2014-03-16 |
2014-03-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. |
|
8014 |
CVE-2014-2254 |
399 |
|
DoS |
2014-03-24 |
2014-03-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255. |
|
8015 |
CVE-2014-2240 |
119 |
|
DoS Exec Code Overflow |
2014-03-12 |
2014-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file. |
|
8016 |
CVE-2014-2223 |
94 |
1
|
Exec Code |
2014-09-11 |
2015-01-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/. |
|
8017 |
CVE-2014-2217 |
22 |
|
Exec Code Dir. Trav. |
2014-12-25 |
2014-12-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. |
|
8018 |
CVE-2014-2216 |
|
|
DoS Exec Code |
2014-08-25 |
2017-08-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request. |
|
8019 |
CVE-2014-2211 |
89 |
|
Exec Code Sql |
2014-03-03 |
2014-03-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. |
|
8020 |
CVE-2014-2210 |
22 |
|
DoS Exec Code Dir. Trav. Bypass +Info |
2014-04-04 |
2015-08-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors. |
|
8021 |
CVE-2014-2208 |
94 |
|
Exec Code |
2014-12-28 |
2014-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. |
|
8022 |
CVE-2014-2201 |
|
|
DoS |
2014-05-25 |
2014-05-27 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915. |
|
8023 |
CVE-2014-2200 |
264 |
|
+Priv |
2014-05-25 |
2014-05-27 |
7.1 |
None |
Remote |
High |
Single system |
Complete |
Complete |
Complete |
|
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629. |
|
8024 |
CVE-2014-2176 |
399 |
|
DoS |
2014-06-14 |
2016-09-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928. |
|
8025 |
CVE-2014-2175 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849. |
|
8026 |
CVE-2014-2173 |
264 |
|
+Priv |
2014-05-02 |
2014-05-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692. |
|
8027 |
CVE-2014-2168 |
119 |
|
Exec Code Overflow |
2014-05-02 |
2014-05-02 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804. |
|
8028 |
CVE-2014-2167 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589. |
|
8029 |
CVE-2014-2166 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562. |
|
8030 |
CVE-2014-2165 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699. |
|
8031 |
CVE-2014-2164 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651. |
|
8032 |
CVE-2014-2163 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961. |
|
8033 |
CVE-2014-2162 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566. |
|
8034 |
CVE-2014-2161 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. |
|
8035 |
CVE-2014-2160 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. |
|
8036 |
CVE-2014-2159 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. |
|
8037 |
CVE-2014-2158 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. |
|
8038 |
CVE-2014-2157 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. |
|
8039 |
CVE-2014-2156 |
20 |
|
DoS |
2014-05-02 |
2014-05-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739. |
|
8040 |
CVE-2014-2132 |
119 |
|
DoS Overflow |
2014-05-08 |
2014-05-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768. |
|
8041 |
CVE-2014-2129 |
20 |
|
DoS |
2014-04-10 |
2014-04-10 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052. |
|
8042 |
CVE-2014-2124 |
399 |
|
DoS |
2014-03-20 |
2017-08-28 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783. |
|
8043 |
CVE-2014-2113 |
20 |
|
DoS |
2014-03-27 |
2017-05-22 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. |
|
8044 |
CVE-2014-2112 |
20 |
|
DoS |
2014-03-27 |
2017-05-22 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. |
|
8045 |
CVE-2014-2111 |
20 |
|
DoS |
2014-03-27 |
2017-05-22 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. |
|
8046 |
CVE-2014-2109 |
20 |
|
DoS |
2014-03-27 |
2017-05-22 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. |
|
8047 |
CVE-2014-2108 |
20 |
|
DoS |
2014-03-27 |
2014-03-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. |
|
8048 |
CVE-2014-2107 |
20 |
|
DoS |
2014-03-27 |
2014-03-28 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789. |
|
8049 |
CVE-2014-2106 |
20 |
|
DoS |
2014-03-27 |
2014-03-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. |
|
8050 |
CVE-2014-2081 |
89 |
|
Exec Code Sql |
2014-10-20 |
2015-01-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. |
