Security Vulnerabilities, CVEs, Published In January 2014 CVSS score >= 7
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Max CVSS
7.5
EPSS Score
4.27%
Published
2014-01-29
Updated
2023-02-13
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."
Max CVSS
10.0
EPSS Score
0.20%
Published
2014-01-28
Updated
2018-01-03
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
Max CVSS
8.3
EPSS Score
0.38%
Published
2014-01-26
Updated
2018-01-03
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
Max CVSS
7.5
EPSS Score
0.29%
Published
2014-01-22
Updated
2018-10-30
Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.
Max CVSS
7.5
EPSS Score
0.24%
Published
2014-01-21
Updated
2017-08-29
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
Max CVSS
7.5
EPSS Score
0.47%
Published
2014-01-21
Updated
2017-08-29
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.69%
Published
2014-01-24
Updated
2014-02-21
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.
Max CVSS
7.5
EPSS Score
0.56%
Published
2014-01-15
Updated
2017-08-29
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.
Max CVSS
7.8
EPSS Score
0.57%
Published
2014-01-10
Updated
2014-05-05
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
Max CVSS
7.5
EPSS Score
4.72%
Published
2014-01-24
Updated
2017-08-29
Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."
Max CVSS
10.0
EPSS Score
3.36%
Published
2014-01-10
Updated
2017-07-01
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
Max CVSS
7.5
EPSS Score
0.60%
Published
2014-01-15
Updated
2018-10-09
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
Max CVSS
7.5
EPSS Score
0.62%
Published
2014-01-31
Updated
2017-08-29
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Max CVSS
9.3
EPSS Score
83.83%
Published
2014-01-25
Updated
2014-01-28
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
Max CVSS
10.0
EPSS Score
69.54%
Published
2014-01-15
Updated
2018-10-09
Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.
Max CVSS
9.3
EPSS Score
3.31%
Published
2014-01-10
Updated
2017-08-29
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.
Max CVSS
7.5
EPSS Score
0.64%
Published
2014-01-30
Updated
2017-08-29
Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document.
Max CVSS
7.5
EPSS Score
7.02%
Published
2014-01-29
Updated
2014-01-29
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
Max CVSS
7.5
EPSS Score
3.19%
Published
2014-01-17
Updated
2014-01-21
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.
Max CVSS
7.8
EPSS Score
0.67%
Published
2014-01-21
Updated
2015-08-21
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.
Max CVSS
7.5
EPSS Score
41.38%
Published
2014-01-25
Updated
2014-02-21
CVE-2014-0750
Public exploit
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
Max CVSS
7.5
EPSS Score
38.43%
Published
2014-01-25
Updated
2014-02-21
The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.
Max CVSS
7.1
EPSS Score
1.17%
Published
2014-01-22
Updated
2017-08-29
The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.
Max CVSS
8.3
EPSS Score
1.41%
Published
2014-01-22
Updated
2017-08-29
Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.
Max CVSS
7.1
EPSS Score
1.17%
Published
2014-01-22
Updated
2017-08-29