Total
5624 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8636 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | N/A |
| The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. | ||||
| CVE-2014-8551 | 1 Siemens | 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more | 2025-04-12 | N/A |
| The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | ||||
| CVE-2014-8456 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | ||||
| CVE-2012-6143 | 1 Ingy | 1 Spoon | 2025-04-12 | N/A |
| Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | ||||
| CVE-2014-8447 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | ||||
| CVE-2014-8445 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | ||||
| CVE-2014-8350 | 1 Smarty | 1 Smarty | 2025-04-12 | N/A |
| Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | ||||
| CVE-2014-8313 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors. | ||||
| CVE-2014-8459 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158. | ||||
| CVE-2014-7296 | 1 Eng | 1 Spagobi | 2025-04-12 | N/A |
| The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document. | ||||
| CVE-2014-7260 | 1 Ultrapop | 1 I-httpd | 2025-04-12 | N/A |
| The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives. | ||||
| CVE-2014-7226 | 1 Rejetto | 1 Http File Server | 2025-04-12 | N/A |
| The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols. | ||||
| CVE-2014-7205 | 1 Bassmaster Project | 1 Bassmaster | 2025-04-12 | N/A |
| Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors. | ||||
| CVE-2014-7192 | 1 Joyent | 1 Node.js | 2025-04-12 | N/A |
| Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2014-3188 | 2 Google, Redhat | 7 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | ||||
| CVE-2014-5340 | 2 Check Mk Project, Redhat | 2 Check Mk, Storage | 2025-04-12 | N/A |
| The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL. | ||||
| CVE-2014-6446 | 1 Infusionsoft Gravity Forms Project | 1 Infusionsoft Gravity Forms | 2025-04-12 | N/A |
| The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php. | ||||
| CVE-2014-6433 | 1 Gopro | 2 Gopro Hero, Gopro Hero Firmware | 2025-04-12 | N/A |
| gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action. | ||||
| CVE-2014-6389 | 1 Phpcompta | 1 Phpcompta\/noalyss | 2025-04-12 | N/A |
| backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. | ||||
| CVE-2014-8998 | 1 X7chat | 1 X7 Chat | 2025-04-12 | N/A |
| lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | ||||