CVE-2014-9222

Public exploit
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Max CVSS
10.0
EPSS Score
97.21%
Published
2014-12-24
Updated
2018-08-31

CVE-2014-8440

Public exploit
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
Max CVSS
10.0
EPSS Score
97.38%
Published
2014-11-11
Updated
2018-12-20

CVE-2014-8423

Public exploit
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.
Max CVSS
10.0
EPSS Score
40.91%
Published
2014-11-28
Updated
2014-11-28

CVE-2014-7205

Public exploit
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
Max CVSS
10.0
EPSS Score
87.46%
Published
2014-10-08
Updated
2019-07-16

CVE-2014-6352

Known exploited
Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
Max CVSS
9.3
EPSS Score
96.88%
Published
2014-10-22
Updated
2018-10-12
CISA KEV Added
2022-02-25

CVE-2014-6332

Known exploited
Public exploit
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
97.39%
Published
2014-11-11
Updated
2019-05-15
CISA KEV Added
2022-03-25

CVE-2014-6324

Known exploited
Public exploit
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
Max CVSS
9.0
EPSS Score
97.23%
Published
2014-11-18
Updated
2019-02-26
CISA KEV Added
2022-03-25

CVE-2014-6287

Known exploited
Public exploit
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
Max CVSS
10.0
EPSS Score
97.29%
Published
2014-10-07
Updated
2021-02-26
CISA KEV Added
2022-03-25

CVE-2014-6278

Public exploit
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
Max CVSS
10.0
EPSS Score
97.35%
Published
2014-09-30
Updated
2021-11-17

CVE-2014-6271

Known exploited
Public exploit
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Max CVSS
10.0
EPSS Score
97.56%
Published
2014-09-24
Updated
2021-11-17
CISA KEV Added
2022-01-28

CVE-2014-4936

Public exploit
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.
Max CVSS
9.3
EPSS Score
1.45%
Published
2014-12-16
Updated
2016-12-07

CVE-2014-4877

Public exploit
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Max CVSS
9.3
EPSS Score
7.82%
Published
2014-10-29
Updated
2017-02-17

CVE-2014-4404

Known exploited
Public exploit
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
Max CVSS
9.3
EPSS Score
0.64%
Published
2014-09-18
Updated
2019-03-08
CISA KEV Added
2022-02-10

CVE-2014-4114

Known exploited
Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
96.96%
Published
2014-10-15
Updated
2018-10-12
CISA KEV Added
2022-03-03

CVE-2014-3936

Public exploit
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
Max CVSS
10.0
EPSS Score
95.78%
Published
2014-06-02
Updated
2023-04-26

CVE-2014-3914

Public exploit
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
Max CVSS
10.0
EPSS Score
97.05%
Published
2014-08-07
Updated
2014-08-07

CVE-2014-3913

Public exploit
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
Max CVSS
10.0
EPSS Score
89.30%
Published
2014-06-04
Updated
2015-08-31

CVE-2014-3829

Public exploit
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
Max CVSS
10.0
EPSS Score
58.47%
Published
2014-10-23
Updated
2019-07-30

CVE-2014-3828

Public exploit
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
Max CVSS
10.0
EPSS Score
91.72%
Published
2014-10-23
Updated
2019-07-30

CVE-2014-3804

Public exploit
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
Max CVSS
10.0
EPSS Score
95.53%
Published
2014-06-13
Updated
2017-09-16

CVE-2014-3791

Public exploit
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
Max CVSS
10.0
EPSS Score
90.95%
Published
2014-05-20
Updated
2014-05-21

CVE-2014-2624

Public exploit
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
Max CVSS
10.0
EPSS Score
97.06%
Published
2014-09-11
Updated
2017-08-29

CVE-2014-2623

Public exploit
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
52.18%
Published
2014-07-18
Updated
2017-01-07

CVE-2014-2299

Public exploit
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Max CVSS
9.3
EPSS Score
95.27%
Published
2014-03-11
Updated
2016-06-02

CVE-2014-2206

Public exploit
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.
Max CVSS
10.0
EPSS Score
77.17%
Published
2014-03-05
Updated
2018-10-09
51 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!