CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8901 CVE-2014-8165 345 Exec Code 2015-02-19 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
8902 CVE-2014-8118 189 Exec Code Overflow 2014-12-16 2018-11-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
8903 CVE-2014-7985 22 Dir. Trav. 2014-10-31 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
8904 CVE-2014-7921 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
8905 CVE-2014-7920 264 +Priv 2017-04-13 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
8906 CVE-2014-7917 189 Overflow 2015-10-01 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
8907 CVE-2014-7916 189 Overflow 2015-10-01 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
8908 CVE-2014-7915 189 Overflow 2015-10-01 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
8909 CVE-2014-7898 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors.
8910 CVE-2014-7897 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners.
8911 CVE-2014-7895 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505.
8912 CVE-2014-7894 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506.
8913 CVE-2014-7893 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507.
8914 CVE-2014-7892 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.
8915 CVE-2014-7891 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.
8916 CVE-2014-7890 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.
8917 CVE-2014-7889 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511.
8918 CVE-2014-7888 Exec Code 2015-03-09 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512.
8919 CVE-2014-7885 2015-03-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.
8920 CVE-2014-7884 2015-03-14 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.
8921 CVE-2014-7878 310 Exec Code 2014-11-14 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection.
8922 CVE-2014-7876 DoS Exec Code +Priv 2015-03-31 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.
8923 CVE-2014-7875 DoS +Info 2014-11-04 2017-09-08
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
8924 CVE-2014-7861 20 DoS Exec Code 2014-10-05 2014-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.
8925 CVE-2014-7858 287 Bypass 2017-08-25 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
8926 CVE-2014-7857 287 Bypass 2017-08-25 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.
8927 CVE-2014-7297 2014-10-13 2020-01-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.
8928 CVE-2014-7288 264 1 Exec Code 2015-02-01 2017-09-08
9.0
None Remote Low ??? Complete Complete Complete
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
8929 CVE-2014-7279 264 1 2017-03-23 2017-03-28
10.0
None Remote Low Not required Complete Complete Complete
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
8930 CVE-2014-7249 119 Exec Code Overflow 2014-12-19 2014-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.
8931 CVE-2014-7247 19 Exec Code 2014-11-26 2015-02-24
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.
8932 CVE-2014-7235 94 Exec Code 2014-10-07 2019-12-10
10.0
None Remote Low Not required Complete Complete Complete
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
8933 CVE-2014-7233 255 2015-08-04 2018-03-28
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability.
8934 CVE-2014-7232 255 2015-08-04 2018-03-28
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value.
8935 CVE-2014-7224 20 Exec Code 2020-02-07 2020-02-12
9.0
None Remote Low ??? Complete Complete Complete
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.
8936 CVE-2014-7216 119 DoS Exec Code Overflow 2015-09-11 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
8937 CVE-2014-7205 94 Exec Code 2014-10-08 2019-07-16
10.0
None Remote Low Not required Complete Complete Complete
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
8938 CVE-2014-7192 94 Exec Code 2014-12-11 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.
8939 CVE-2014-7187 119 DoS Overflow 2014-09-28 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
8940 CVE-2014-7186 119 DoS Overflow 2014-09-28 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
8941 CVE-2014-7178 20 Exec Code 2014-11-28 2014-12-17
9.3
None Remote Medium Not required Complete Complete Complete
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
8942 CVE-2014-7169 78 Exec Code 2014-09-25 2018-11-30
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
8943 CVE-2014-6633 77 Exec Code 2018-04-12 2018-05-22
9.0
None Remote Low ??? Complete Complete Complete
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
8944 CVE-2014-6628 Exec Code 2015-05-28 2015-05-29
9.0
None Remote Low ??? Complete Complete Complete
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.
8945 CVE-2014-6627 284 Exec Code 2014-11-19 2014-11-19
9.0
None Remote Low ??? Complete Complete Complete
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.
8946 CVE-2014-6626 284 Bypass 2014-11-19 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.
8947 CVE-2014-6625 284 +Priv 2014-11-19 2014-11-19
9.0
None Remote Low ??? Complete Complete Complete
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.
8948 CVE-2014-6617 798 2018-03-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
8949 CVE-2014-6601 2015-01-21 2020-09-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
8950 CVE-2014-6567 Exec Code Overflow 2015-01-21 2016-11-28
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.