CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2014 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2075 287 Exec Code 2014-02-27 2014-02-27
10.0
None Remote Low Not required Complete Complete Complete
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.
2 CVE-2014-1861 20 2014-02-18 2014-02-21
9.3
None Remote Medium Not required Complete Complete Complete
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.
3 CVE-2014-1490 362 DoS 2014-02-06 2020-07-31
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
4 CVE-2014-1488 Exec Code 2014-02-06 2020-08-21
10.0
None Remote Low Not required Complete Complete Complete
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
5 CVE-2014-1486 416 Exec Code 2014-02-06 2020-08-07
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
6 CVE-2014-1482 787 DoS Exec Code 2014-02-06 2020-08-11
9.3
None Remote Medium Not required Complete Complete Complete
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
7 CVE-2014-1478 787 DoS Exec Code Mem. Corr. 2014-02-06 2020-08-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.
8 CVE-2014-1251 119 DoS Exec Code Overflow 2014-02-27 2015-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.
9 CVE-2014-1250 119 DoS Exec Code Overflow 2014-02-27 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.
10 CVE-2014-1249 119 DoS Exec Code Overflow 2014-02-27 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.
11 CVE-2014-1248 119 DoS Exec Code Overflow 2014-02-27 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.
12 CVE-2014-1247 119 DoS Exec Code Overflow Mem. Corr. 2014-02-27 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.
13 CVE-2014-1246 119 DoS Exec Code Overflow 2014-02-27 2014-02-27
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.
14 CVE-2014-1245 189 DoS Exec Code 2014-02-27 2014-03-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.
15 CVE-2014-1244 119 DoS Exec Code Overflow 2014-02-27 2015-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
16 CVE-2014-1243 119 DoS Exec Code Overflow 2014-02-27 2014-02-27
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.
17 CVE-2014-0980 119 1 Exec Code Overflow 2014-02-11 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
18 CVE-2014-0758 20 2014-02-24 2014-02-24
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
19 CVE-2014-0721 264 2014-02-22 2014-03-06
10.0
None Remote Low Not required Complete Complete Complete
The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.
20 CVE-2014-0709 255 2014-02-22 2016-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.
21 CVE-2014-0679 20 Exec Code 2014-02-27 2019-07-29
9.0
None Remote Low ??? Complete Complete Complete
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.
22 CVE-2014-0622 264 Bypass 2014-02-06 2018-01-03
9.0
None Remote Low ??? Complete Complete Complete
The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.
23 CVE-2014-0502 399 Exec Code 2014-02-21 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
24 CVE-2014-0501 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-01-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.
25 CVE-2014-0500 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-01-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.
26 CVE-2014-0498 119 Exec Code Overflow 2014-02-21 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.
27 CVE-2014-0497 189 1 Exec Code 2014-02-05 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
28 CVE-2014-0329 255 2014-02-04 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
29 CVE-2014-0322 416 2 Exec Code 2014-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
30 CVE-2014-0294 94 Exec Code 2014-02-12 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."
31 CVE-2014-0290 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0289.
32 CVE-2014-0289 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0290.
33 CVE-2014-0288 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274.
34 CVE-2014-0287 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0281.
35 CVE-2014-0286 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285.
36 CVE-2014-0285 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0286.
37 CVE-2014-0284 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
38 CVE-2014-0283 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
39 CVE-2014-0281 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287.
40 CVE-2014-0280 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
41 CVE-2014-0279 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278.
42 CVE-2014-0278 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279.
43 CVE-2014-0277 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279.
44 CVE-2014-0276 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
45 CVE-2014-0275 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286.
46 CVE-2014-0274 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288.
47 CVE-2014-0273 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288.
48 CVE-2014-0272 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
49 CVE-2014-0271 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
50 CVE-2014-0270 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288.
Total number of vulnerabilities : 72   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.