| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2008-7313 | 77 | | Exec Code | 2017-03-31 | 2017-04-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. |
| 2 | CVE-2009-5147 | 20 | | | 2017-03-29 | 2018-03-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. |
| 3 | CVE-2010-4314 | 119 | | Exec Code Overflow | 2017-03-11 | 2017-03-15 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. |
| 4 | CVE-2012-5361 | 119 | | Exec Code Overflow | 2017-03-20 | 2018-02-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file. |
| 5 | CVE-2013-4659 | 119 | | Exec Code Overflow | 2017-03-14 | 2017-03-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. |
| 6 | CVE-2013-5653 | 200 | | +Info | 2017-03-07 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. |
| 7 | CVE-2013-6446 | 264 | | +Info | 2017-03-23 | 2017-03-28 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. |
| 8 | CVE-2013-7460 | 284 | | Bypass | 2017-03-14 | 2017-03-17 | 2.1 | None | Local | Low | Not required | None | Partial | None | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions. |
| 9 | CVE-2013-7461 | 284 | | Bypass | 2017-03-14 | 2017-03-16 | 2.1 | None | Local | Low | Not required | None | Partial | None | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions. |
| 10 | CVE-2013-7462 | 22 | | Dir. Trav. | 2017-03-14 | 2017-03-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit. |
| 11 | CVE-2014-0229 | 264 | | DoS | 2017-03-23 | 2017-03-28 | 4.0 | None | Remote | Low | ??? | None | None | Partial | Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. |
| 12 | CVE-2014-3582 | 94 | | Exec Code | 2017-03-29 | 2017-05-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. |
| 13 | CVE-2014-3926 | 79 | | XSS | 2017-03-13 | 2017-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. |
| 14 | CVE-2014-3931 | 119 | | Overflow Mem. Corr. | 2017-03-31 | 2017-04-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. |
| 15 | CVE-2014-5008 | 77 | | Exec Code | 2017-03-31 | 2017-04-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Snoopy allows remote attackers to execute arbitrary commands. |
| 16 | CVE-2014-5009 | 77 | | Exec Code | 2017-03-31 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. |
| 17 | CVE-2014-6440 | 119 | | DoS Exec Code Overflow | 2017-03-28 | 2017-04-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. |
| 18 | CVE-2014-7279 | 264 | 1 | | 2017-03-23 | 2017-03-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. |
| 19 | CVE-2014-8688 | 200 | | +Info | 2017-03-14 | 2020-05-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file. |
| 20 | CVE-2014-8701 | 200 | | +Info | 2017-03-17 | 2017-03-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. |
| 21 | CVE-2014-8702 | 200 | | +Info | 2017-03-17 | 2017-03-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. |
| 22 | CVE-2014-8703 | 79 | | XSS | 2017-03-17 | 2017-03-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. |
| 23 | CVE-2014-8704 | 22 | | Dir. Trav. | 2017-03-17 | 2017-03-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. |
| 24 | CVE-2014-8705 | 20 | | Exec Code File Inclusion | 2017-03-17 | 2017-03-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. |
| 25 | CVE-2014-8706 | 200 | | +Info | 2017-03-17 | 2017-03-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. |
| 26 | CVE-2014-8707 | 79 | | XSS | 2017-03-17 | 2017-03-20 | 4.0 | None | Remote | Low | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. |
| 27 | CVE-2014-8708 | 264 | | Exec Code | 2017-03-17 | 2017-03-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. |
| 28 | CVE-2014-8722 | 200 | | +Info | 2017-03-17 | 2021-06-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. |
| 29 | CVE-2014-8723 | 200 | | +Info | 2017-03-17 | 2017-03-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. |
| 30 | CVE-2014-8731 | 502 | | Exec Code | 2017-03-23 | 2018-10-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in webroot. |
| 31 | CVE-2014-9114 | 77 | | Exec Code | 2017-03-31 | 2021-06-29 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. |
| 32 | CVE-2014-9645 | 20 | | Bypass | 2017-03-12 | 2019-04-03 | 2.1 | None | Local | Low | Not required | None | Partial | None | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. |
| 33 | CVE-2014-9804 | | | DoS | 2017-03-30 | 2017-04-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." |
| 34 | CVE-2014-9805 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. |
| 35 | CVE-2014-9806 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. |
| 36 | CVE-2014-9807 | 415 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. |
| 37 | CVE-2014-9808 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. |
| 38 | CVE-2014-9809 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. |
| 39 | CVE-2014-9810 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. |
| 40 | CVE-2014-9811 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. |
| 41 | CVE-2014-9812 | 476 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. |
| 42 | CVE-2014-9813 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. |
| 43 | CVE-2014-9814 | 476 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. |
| 44 | CVE-2014-9815 | 20 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. |
| 45 | CVE-2014-9816 | 125 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. |
| 46 | CVE-2014-9817 | 119 | | Overflow | 2017-03-30 | 2017-04-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. |
| 47 | CVE-2014-9818 | 125 | | DoS | 2017-03-30 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. |
| 48 | CVE-2014-9819 | 119 | | Overflow | 2017-03-30 | 2017-04-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. |
| 49 | CVE-2014-9820 | 119 | | Overflow | 2017-03-30 | 2017-04-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. |
| 50 | CVE-2014-9821 | 119 | | Overflow | 2017-03-30 | 2017-04-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. |