Total
11613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8824 | 1 Apple | 1 Mac Os X | 2026-06-17 | 10.0 HIGH | N/A |
| The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2014-8789 | 1 Gleamtech | 1 Filevista | 2026-06-17 | 6.5 MEDIUM | N/A |
| GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction. | |||||
| CVE-2014-8755 | 1 Panasonic | 1 Network Camera View | 2026-06-17 | 6.8 MEDIUM | N/A |
| Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory." | |||||
| CVE-2014-8705 | 1 Wondercms | 1 Wondercms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | |||||
| CVE-2014-8680 | 1 Isc | 1 Bind | 2026-06-17 | 5.4 MEDIUM | N/A |
| The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | |||||
| CVE-2014-8603 | 1 Xcloner | 1 Xcloner | 2026-06-17 | 6.5 MEDIUM | N/A |
| cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable. | |||||
| CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2026-06-17 | 5.4 MEDIUM | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | |||||
| CVE-2014-8572 | 1 Huawei | 25 Ac6605, Ac6605 Firmware, Acu and 22 more | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service. | |||||
| CVE-2014-8544 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2026-06-17 | 7.5 HIGH | N/A |
| libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. | |||||
| CVE-2014-8543 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2026-06-17 | 7.5 HIGH | N/A |
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. | |||||
| CVE-2014-8510 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2026-06-17 | 4.0 MEDIUM | N/A |
| The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters. | |||||
| CVE-2014-8479 | 1 Siemens | 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more | 2026-06-17 | 6.8 MEDIUM | N/A |
| The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets. | |||||
| CVE-2014-8420 | 1 Sonicwall | 3 Analyzer, Global Management System, Uma Em5000 | 2026-06-17 | 9.0 HIGH | N/A |
| The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-8416 | 1 Digium | 1 Asterisk | 2026-06-17 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. | |||||
| CVE-2014-8415 | 1 Digium | 1 Asterisk | 2026-06-17 | 5.0 MEDIUM | N/A |
| Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. | |||||
| CVE-2014-8336 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. | |||||
| CVE-2014-8324 | 1 Aircrack-ng | 1 Aircrack-ng | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | |||||
| CVE-2014-8323 | 1 Aircrack-ng | 1 Aircrack-ng | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | |||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2026-06-17 | 7.1 HIGH | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | |||||
| CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. | |||||
