Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7284 | 1 Malcolm Nooning | 1 Pirpc | 2025-04-12 | 6.8 MEDIUM | N/A |
| The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | |||||
| CVE-2014-4672 | 1 Yiiframework | 1 Yiiframework | 2025-04-12 | 7.5 HIGH | N/A |
| The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property. | |||||
| CVE-2014-5090 | 1 Status2k | 1 Status2k | 2025-04-12 | 6.5 MEDIUM | N/A |
| admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. | |||||
| CVE-2014-5112 | 1 Netfortris | 1 Trixbox | 2025-04-12 | 7.5 HIGH | N/A |
| maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | |||||
| CVE-2014-9266 | 1 Samsung | 1 Smart Viewer | 2025-04-12 | 6.8 MEDIUM | N/A |
| The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-0587 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164. | |||||
| CVE-2015-5643 | 1 Icz | 1 Matchasns | 2025-04-12 | 6.8 MEDIUM | N/A |
| The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2014-8461 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158. | |||||
| CVE-2014-8877 | 1 Creative Minds | 1 Cm Download Manager | 2025-04-12 | 10.0 HIGH | N/A |
| The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | |||||
| CVE-2014-0479 | 2 Canonical, Debian | 2 Reportbug, Reportbug | 2025-04-12 | 6.8 MEDIUM | N/A |
| reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | |||||
| CVE-2015-0088 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093. | |||||
| CVE-2014-4043 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | |||||
| CVE-2014-2558 | 1 Skyphe | 1 File-gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
| The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function. | |||||
| CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | 10.0 HIGH | N/A |
| The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-12 | 10.0 HIGH | N/A |
| cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | |||||
| CVE-2013-6468 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Drools, Jboss Enterprise Brms Platform | 2025-04-12 | 6.5 MEDIUM | N/A |
| JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression. | |||||
| CVE-2014-0251 | 1 Microsoft | 8 Office Web Apps Server, Project Server, Sharepoint Designer and 5 more | 2025-04-12 | 9.0 HIGH | N/A |
| Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability." | |||||
| CVE-2014-2208 | 1 Facebook | 1 Hiphop Virtual Machine | 2025-04-12 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. | |||||
| CVE-2014-2909 | 1 Siemens | 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more | 2025-04-12 | 5.8 MEDIUM | N/A |
| CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | |||||
| CVE-2014-2639 | 1 Hp | 1 Mpio Device Specific Module Manager | 2025-04-12 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. | |||||