Vulnerabilities (CVE)

Filtered by CWE-94
Total 6503 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4152 1 Alienvault 1 Open Source Security Information Management 2026-06-17 10.0 HIGH N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
CVE-2014-4151 1 Alienvault 1 Open Source Security Information Management 2026-06-17 10.0 HIGH N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
CVE-2014-4148 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 9.3 HIGH 8.8 HIGH
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."
CVE-2014-4118 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 9.3 HIGH N/A
XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability."
CVE-2014-4043 2 Gnu, Opensuse 2 Glibc, Opensuse 2026-06-17 7.5 HIGH N/A
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
CVE-2014-4000 1 Cacti 1 Cacti 2026-06-17 6.5 MEDIUM 8.8 HIGH
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
CVE-2014-3947 1 Alex Kellner 1 Powermail 2026-06-17 7.5 HIGH N/A
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.
CVE-2014-3942 1 Typo3 1 Typo3 2026-06-17 6.0 MEDIUM N/A
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
CVE-2014-3927 1 Mrlg4php Project 1 Mrlg4php 2026-06-17 7.5 HIGH 9.8 CRITICAL
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
CVE-2014-3915 1 Rocketsoftware 1 Rocket Servergraph 2026-06-17 10.0 HIGH N/A
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.
CVE-2014-3911 1 Samsung 1 Ipolis Device Manager 2026-06-17 9.3 HIGH N/A
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
CVE-2014-3910 1 Emurasoft 1 Emftp 2026-06-17 4.4 MEDIUM N/A
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension.
CVE-2014-3829 1 Merethis 2 Centreon, Centreon Enterprise Server 2026-06-17 10.0 HIGH N/A
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
CVE-2014-3805 1 Alienvault 1 Open Source Security Information Management 2026-06-17 10.0 HIGH N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
CVE-2014-3804 1 Alienvault 1 Open Source Security Information Management 2026-06-17 10.0 HIGH N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
CVE-2014-3789 1 Cogentdatahub 1 Cogent Datahub 2026-06-17 7.5 HIGH N/A
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-3666 2 Jenkins, Redhat 2 Jenkins, Openshift 2026-06-17 7.5 HIGH N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
CVE-2014-3593 1 Scientificlinux 1 Luci 2026-06-17 6.0 MEDIUM N/A
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
CVE-2014-3582 1 Apache 1 Ambari 2026-06-17 7.5 HIGH 9.8 CRITICAL
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.
CVE-2014-3560 3 Canonical, Redhat, Samba 3 Ubuntu Linux, Enterprise Linux, Samba 2026-06-17 7.9 HIGH N/A
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.