CVE-2014-2850

Public exploit
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
Max CVSS
8.5
EPSS Score
18.81%
Published
2014-04-11
Updated
2014-04-14
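
The flaw class here is an OS command built from an untrusted parameter and handed to a shell, so a ';' in the address becomes a second command. The following is an added illustration of that pattern and its fix, written for this page; it is not Sophos code and knows nothing about the appliance internals. The `ip addr add ... dev eth0` command, the interface name and both sample addresses are constructed for the example.

```python
import ipaddress
import shlex
import subprocess

# Constructed inputs (not taken from the advisory or the appliance): a normal
# interface address, and one that smuggles a second command behind a ';'.
GOOD_ADDRESS = "192.0.2.10/24"
BAD_ADDRESS = "192.0.2.10/24; id > /tmp/pwned"

# Hypothetical interface name, used only to make the commands concrete.
IFACE = "eth0"


def build_vulnerable_command(address: str) -> str:
    """Unsafe pattern: the parameter is spliced into a command string that is
    later handed to a shell. Illustrative only; this is not the appliance's code."""
    return f"ip addr add {address} dev {IFACE}"


def shell_tokens(command: str) -> list:
    """Tokenise the string the way /bin/sh would, so the injected ';' and '>'
    show up as separate operators instead of being part of the address."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def run_vulnerable(address: str, dry_run: bool = True):
    command = build_vulnerable_command(address)
    if dry_run:
        return shell_tokens(command)
    return subprocess.run(command, shell=True, capture_output=True)  # do not do this


def validate_address(address: str) -> str:
    """Hardened pattern, step 1: parse the value as an IP interface. Anything that
    is not an address with an optional prefix length is rejected, and the
    canonical form is rebuilt so only validated bytes reach the command."""
    try:
        iface = ipaddress.ip_interface(address)
    except ValueError as exc:
        raise ValueError(f"rejected address parameter: {address!r}") from exc
    return iface.with_prefixlen


def build_safe_argv(address: str) -> list:
    """Step 2: build an argument vector and never invoke a shell, so shell
    metacharacters carry no meaning even if validation were somehow bypassed."""
    return ["ip", "addr", "add", validate_address(address), "dev", IFACE]


def run_safe(address: str, dry_run: bool = True):
    argv = build_safe_argv(address)
    if dry_run:
        return argv
    return subprocess.run(argv, shell=False, capture_output=True, check=True)


def is_rejected(address: str) -> bool:
    """True when the validator refuses the parameter."""
    try:
        validate_address(address)
    except ValueError:
        return True
    return False
```

Both layers matter: `ipaddress.ip_interface` rejects anything that is not an address, and the argv form means that even a validator bug cannot turn the parameter into shell syntax.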

CVE-2014-2849

Public exploit
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Max CVSS
8.5
EPSS Score
17.80%
Published
2014-04-11
Updated
2014-04-14

CVE-2014-2424

Public exploit
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
Max CVSS
4.0
EPSS Score
97.44%
Published
2014-04-16
Updated
2014-07-24

CVE-2014-2127

Public exploit
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
Max CVSS
8.5
EPSS Score
0.56%
Published
2014-04-10
Updated
2023-08-15

CVE-2014-1691

Public exploit
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
Max CVSS
7.5
EPSS Score
94.48%
Published
2014-04-01
Updated
2014-04-02

CVE-2014-0763

Public exploit
Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions.
Max CVSS
7.5
EPSS Score
0.87%
Published
2014-04-12
Updated
2015-07-24

CVE-2014-0644

Public exploit
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Max CVSS
7.8
EPSS Score
36.40%
Published
2014-04-17
Updated
2014-04-17
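
The request shape the advisory describes (a DOCTYPE declaring an external SYSTEM entity, then a reference to it inside a field) is easy to screen for before any parser sees it. This is an added example written for this page, not EMC code and not the real api/login handler; the login document layout, the sample bodies and the field names are constructed. It also covers one edge case a byte-level screen gets wrong: a UTF-16 encoded body that hides the ASCII string "<!DOCTYPE".

```python
import codecs
import re
import xml.etree.ElementTree as ET

# Constructed request bodies (not captured from the product). The second one
# declares an external entity pointing at a local file and references it in a
# field, which is the shape the advisory describes.
BENIGN_LOGIN = b"<login><username>alice</username><password>hunter2</password></login>"
XXE_LOGIN = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE login [<!ENTITY xxe SYSTEM "file:///etc/shadow">]>'
    b"<login><username>&xxe;</username><password>x</password></login>"
)
# The same attack body transcoded to UTF-16 with a BOM, to exercise the
# screen's encoding handling.
XXE_LOGIN_UTF16 = codecs.BOM_UTF16_LE + XXE_LOGIN.decode("ascii").encode("utf-16-le")

_DTD_MARKERS = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def _normalise(body: bytes) -> bytes:
    """The screen is a byte-level match, so a UTF-16 body would not contain the
    ASCII bytes '<!DOCTYPE'. Transcode BOM-marked UTF-16 to UTF-8 first."""
    for bom, enc in ((codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be")):
        if body.startswith(bom):
            return body[len(bom):].decode(enc).encode("utf-8")
    return body


def screen_request_body(body: bytes) -> str:
    """Reject any document carrying a DTD. Entity declarations can only appear
    inside one, and no login request needs a DTD, so this is an allow-list on
    document shape rather than a block-list of known payloads."""
    if _DTD_MARKERS.search(_normalise(body)):
        return "reject: DTD or entity declaration in request body"
    return "ok"


def parse_login(body: bytes) -> dict:
    """Screen, then parse with ElementTree. ElementTree does not resolve external
    entities (it raises ParseError on an undefined entity reference), but the
    screen also keeps internal-entity expansion attacks away from the parser."""
    verdict = screen_request_body(body)
    if verdict != "ok":
        raise ValueError(verdict)
    try:
        root = ET.fromstring(_normalise(body))
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    if root.tag != "login":
        raise ValueError(f"unexpected root element {root.tag!r}")
    return {child.tag: (child.text or "") for child in root}


def is_rejected(body: bytes) -> bool:
    """True when the request is refused before or during parsing."""
    try:
        parse_login(body)
    except ValueError:
        return True
    return False
```

The stronger fix is in the parser configuration (no DTD processing, no external entity resolution at all); the screen is the cheap check you can put in front of a parser you do not control.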

CVE-2014-0515

Public exploit
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.
Max CVSS
10.0
EPSS Score
97.09%
Published
2014-04-29
Updated
2018-12-13

CVE-2014-0514

Public exploit
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
Max CVSS
9.3
EPSS Score
71.64%
Published
2014-04-15
Updated
2018-10-09

CVE-2014-0160

Known exploited
Public exploit
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Max CVSS
7.5
EPSS Score
97.51%
Published
2014-04-07
Updated
2023-02-10
CISA KEV Added
2022-05-04
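
The over-read is a single missing comparison: the heartbeat's 16-bit payload_length field is supplied by the peer, and the vulnerable code copied that many bytes into the reply without checking it against the size of the record actually received. The following added model, written for this page in Python rather than C, shows the vulnerable and fixed behaviours side by side; it is not OpenSSL code, and the "neighbouring memory" buffer is a constructed marker string standing in for whatever happened to follow the record on the heap.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16          # RFC 6520 requires at least 16 bytes of padding
HDR = 1 + 2               # type byte + 16-bit payload_length

# Constructed stand-in for whatever sat next to the record in the process heap.
# It is a marker string, not real key material or a real OpenSSL memory layout.
NEIGHBOUR_MEMORY = b"[neighbouring heap: session cookie=abc123; BEGIN RSA PRIVATE KEY fragment]"


def build_heartbeat(payload: bytes, claimed_length: int = None) -> bytes:
    """HeartbeatMessage: type(1) || payload_length(2, big-endian) || payload || padding.
    A malicious peer sets claimed_length far larger than len(payload)."""
    if claimed_length is None:
        claimed_length = len(payload)
    return bytes([HB_REQUEST]) + struct.pack("!H", claimed_length) + payload + b"\x00" * MIN_PADDING


def vulnerable_respond(record: bytes, neighbour: bytes) -> bytes:
    """Models OpenSSL 1.0.1 before 1.0.1g: payload_length is taken from the
    peer's record and used as the copy length with no comparison against the
    number of bytes actually received, so the copy runs off the end of the
    record into adjacent memory."""
    heap = record + neighbour                     # record followed by other data
    hb_type = heap[0]
    payload_len = struct.unpack("!H", heap[1:3])[0]
    if hb_type != HB_REQUEST:
        return b""
    copied = heap[HDR:HDR + payload_len]          # over-read when payload_len > len(record) - HDR
    return bytes([HB_RESPONSE]) + struct.pack("!H", payload_len) + copied + b"\x00" * MIN_PADDING


def fixed_respond(record: bytes, neighbour: bytes) -> bytes:
    """Models the 1.0.1g fix: discard the record unless the header, the claimed
    payload and the minimum padding all fit inside the bytes actually received.
    The neighbour buffer is never touched."""
    if HDR + MIN_PADDING > len(record):
        return b""                                # too short to be a valid heartbeat
    hb_type = record[0]
    payload_len = struct.unpack("!H", record[1:3])[0]
    if hb_type != HB_REQUEST or HDR + payload_len + MIN_PADDING > len(record):
        return b""                                # silently discard, as the fix does
    copied = record[HDR:HDR + payload_len]
    return bytes([HB_RESPONSE]) + struct.pack("!H", payload_len) + copied + b"\x00" * MIN_PADDING


def response_payload(response: bytes) -> bytes:
    """Extract the echoed payload from a heartbeat response (empty if discarded)."""
    if not response:
        return b""
    payload_len = struct.unpack("!H", response[1:3])[0]
    return response[HDR:HDR + payload_len]


def demo() -> dict:
    """Run an honest and a malicious request through both implementations."""
    honest = build_heartbeat(b"ping")
    malicious = build_heartbeat(b"ping", claimed_length=64)   # record is only 23 bytes
    return {
        "honest_fixed": response_payload(fixed_respond(honest, NEIGHBOUR_MEMORY)),
        "honest_vulnerable": response_payload(vulnerable_respond(honest, NEIGHBOUR_MEMORY)),
        "malicious_vulnerable": response_payload(vulnerable_respond(malicious, NEIGHBOUR_MEMORY)),
        "malicious_fixed": fixed_respond(malicious, NEIGHBOUR_MEMORY),
    }
```

In the real bug the copy length could be up to 65535 bytes per request and the request could be repeated indefinitely, which is why private keys and session data were recoverable; the model truncates at the end of its constructed buffer instead of reading further.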

CVE-2014-0114

Public exploit
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Max CVSS
7.5
EPSS Score
97.31%
Published
2014-04-30
Updated
2023-02-13

CVE-2014-0112

Public exploit
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
Max CVSS
7.5
EPSS Score
97.40%
Published
2014-04-29
Updated
2019-08-12
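
Both CVE-2014-0114 (BeanUtils, Struts 1) and CVE-2014-0112 (Struts 2) come down to the same thing: a request parameter name is treated as a nested property path, and a path that walks through the `class` property reaches the ClassLoader. The vendor fixes filtered such names; the following is an added example of that idea written for this page, not the Struts or BeanUtils code and not their exact exclusion regexes. It tokenises a property path into segments and refuses any that passes through `class` (case-insensitively, which is a conservative choice of this example), and the sample parameter names are constructed.

```python
import re
from typing import List

# Tokeniser for nested property expressions of the kind BeanUtils and OGNL
# accept from request parameter names, e.g. "class.classLoader.URLs[0]",
# "user['class'].x" or "items[2].price". Written for this example; not the
# grammar either library actually uses.
_TOKEN = re.compile(r"""
    \.?([A-Za-z_][A-Za-z0-9_]*)        # dotted identifier segment
  | \[\s*(\d+)\s*\]                    # indexed segment
  | \[\s*(['"])(.*?)\3\s*\]            # mapped (quoted-key) segment
""", re.VERBOSE)

# Segments that must never be traversed from a request parameter. 'classLoader'
# is added as belt and braces; 'class' alone is the one the advisories name.
DENIED_SEGMENTS = {"class", "classloader"}


def property_segments(name: str) -> List[str]:
    """Split a property path into its segments, raising on anything that is
    not a well-formed path."""
    segments, pos = [], 0
    while pos < len(name):
        m = _TOKEN.match(name, pos)
        if not m:
            raise ValueError(f"unparseable parameter name: {name!r}")
        ident, index, _, key = m.groups()
        segments.append(ident if ident is not None else (index if index is not None else key))
        pos = m.end()
    return segments


def is_safe_parameter_name(name: str) -> bool:
    """Reject empty or unparseable names and any path through a denied segment.
    Comparison is on whole segments, so 'classification' is allowed while
    'class' is not."""
    if not name:
        return False
    try:
        segments = property_segments(name)
    except ValueError:
        return False
    return not any(s.lower() in DENIED_SEGMENTS for s in segments)


def filter_parameters(params: dict) -> dict:
    """Drop every request parameter whose name fails the check before the
    remaining names are handed to a bean-population routine."""
    return {k: v for k, v in params.items() if is_safe_parameter_name(k)}
```

The check is on the parameter name, not its value: the value of such a parameter is irrelevant once the name alone can select which object's setter gets called.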

CVE-2014-0050

Public exploit
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Max CVSS
7.5
EPSS Score
16.60%
Published
2014-04-01
Updated
2021-07-17
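
The trigger is a Content-Type header, not the upload body, so the cheapest defence is to validate the multipart boundary against the RFC 2046 grammar (1 to 70 characters from a fixed set, no trailing space) before the request reaches the multipart parser. This is an added example written for this page, not Commons FileUpload code; the buffer size it checks against is the example's own, not a claim about FileUpload's internals, and the sample headers are constructed.

```python
from email.message import Message

MAX_BOUNDARY_LEN = 70   # RFC 2046 section 5.1.1: 1 to 70 characters, no trailing space
BCHARS_NOSPACE = set(
    "0123456789"
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "'()+_,-./:=?"
)
# Size of this example's own read buffer (an assumption for illustration). The
# delimiter CRLF "--" boundary must fit inside it with room for data, or a
# fixed-buffer scan can never see a complete delimiter.
EXAMPLE_BUFFER_SIZE = 4096


def extract_boundary(content_type: str):
    """Parse the header with the stdlib's RFC 2045 parameter parser so quoted
    boundaries are unquoted correctly. Returns the boundary string, or None."""
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_type() != "multipart/form-data":
        return None
    boundary = msg.get_param("boundary")
    if boundary is None or isinstance(boundary, tuple):
        # A tuple means an RFC 2231 encoded parameter (boundary*=...), which a
        # browser form upload never legitimately uses.
        return None
    return boundary


def validate_boundary(boundary: str, buffer_size: int = EXAMPLE_BUFFER_SIZE) -> str:
    """Return 'ok' or a 'reject: ...' reason."""
    if not 1 <= len(boundary) <= MAX_BOUNDARY_LEN:
        return f"reject: boundary length {len(boundary)} outside 1..{MAX_BOUNDARY_LEN}"
    if boundary.endswith(" "):
        return "reject: boundary ends with a space"
    illegal = sorted({c for c in boundary if c != " " and c not in BCHARS_NOSPACE})
    if illegal:
        return f"reject: illegal boundary characters {illegal}"
    delimiter_len = len(b"\r\n--") + len(boundary)
    if delimiter_len >= buffer_size:
        return "reject: delimiter cannot fit the read buffer"
    return "ok"


def check_upload_header(content_type: str) -> str:
    """Combined check to run on an incoming request before multipart parsing."""
    boundary = extract_boundary(content_type)
    if boundary is None:
        return "reject: not multipart/form-data with a usable boundary"
    return validate_boundary(boundary)
```

Rejecting at this point costs one header parse per request and turns a parser-level denial of service into a 400 response; upgrading FileUpload is still the actual fix.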

CVE-2013-2143

Public exploit
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Max CVSS
6.5
EPSS Score
72.72%
Published
2014-04-17
Updated
2021-07-16

14 vulnerabilities found