2014 CVEs

9002 CVEs published in 2014. 275 critical, 481 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2014
CVESeverityScorePublishedSummary
CVE-2014-125112Critical9.82026-03-26Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a…
CVE-2014-125117Critical9.82025-07-25A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a…
CVE-2014-7210Critical9.82025-06-26pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backen…
CVE-2014-0468Critical9.82025-06-26Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM…
CVE-2014-5470Critical9.82024-06-21Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval…
CVE-2014-125106Critical9.82023-06-17Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.
CVE-2014-125026Critical9.82022-12-27LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
CVE-2014-0156Critical9.82022-06-30Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted inp…
CVE-2014-9320Critical9.82021-08-09SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vect…
CVE-2014-8945Critical9.82020-06-01admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
CVE-2014-8941Critical9.82020-06-01Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
CVE-2014-7175Critical9.82020-06-01FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
CVE-2014-7173Critical9.82020-06-01FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeu…
CVE-2014-1634Critical9.82020-03-09SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
CVE-2014-4650Critical9.82020-02-20The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attacke…
CVE-2014-4657Critical9.82020-02-20The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted…
CVE-2014-3484Critical9.82020-02-20Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote a…
CVE-2014-4678Critical9.82020-02-20The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted…
CVE-2014-9614Critical9.82020-02-19The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain acce…
CVE-2014-9613Critical9.82020-02-19Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to w…