CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2014-0529 119 Exec Code Overflow 2014-05-14 2015-10-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
1152 CVE-2014-0528 399 Exec Code 2014-05-14 2014-05-14
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
1153 CVE-2014-0527 399 Exec Code 2014-05-14 2014-05-14
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
1154 CVE-2014-0526 119 DoS Exec Code Overflow Mem. Corr. 2014-05-14 2014-05-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0524.
1155 CVE-2014-0525 264 Exec Code 2014-05-14 2014-05-14
10.0
None Remote Low Not required Complete Complete Complete
The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls.
1156 CVE-2014-0524 119 DoS Exec Code Overflow Mem. Corr. 2014-05-14 2014-05-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0526.
1157 CVE-2014-0523 119 DoS Exec Code Overflow Mem. Corr. 2014-05-14 2016-12-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0524, and CVE-2014-0526.
1158 CVE-2014-0522 119 DoS Exec Code Overflow Mem. Corr. 2014-05-14 2014-05-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0523, CVE-2014-0524, and CVE-2014-0526.
1159 CVE-2014-0515 119 Exec Code Overflow 2014-04-29 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.
1160 CVE-2014-0514 264 2 Exec Code 2014-04-15 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
1161 CVE-2014-0513 119 Exec Code Overflow 2014-05-14 2014-05-14
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows remote attackers to execute arbitrary code via unspecified vectors.
1162 CVE-2014-0511 119 Exec Code Overflow 2014-03-27 2014-05-16
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
1163 CVE-2014-0510 119 Exec Code Overflow Bypass 2014-03-27 2014-06-21
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.
1164 CVE-2014-0507 119 Exec Code Overflow 2014-04-08 2017-12-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.
1165 CVE-2014-0506 399 Exec Code Bypass 2014-03-27 2017-12-16
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
1166 CVE-2014-0505 119 DoS Exec Code Overflow Mem. Corr. 2014-03-14 2014-03-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
1167 CVE-2014-0502 399 Exec Code 2014-02-21 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
1168 CVE-2014-0501 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-01-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.
1169 CVE-2014-0500 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-01-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.
1170 CVE-2014-0498 119 Exec Code Overflow 2014-02-21 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.
1171 CVE-2014-0497 189 1 Exec Code 2014-02-05 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
1172 CVE-2014-0496 399 Exec Code 2014-01-15 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
1173 CVE-2014-0495 119 DoS Exec Code Overflow Mem. Corr. 2014-01-15 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493.
1174 CVE-2014-0494 119 DoS Exec Code Overflow Mem. Corr. 2014-01-23 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
1175 CVE-2014-0493 119 DoS Exec Code Overflow Mem. Corr. 2014-01-15 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495.
1176 CVE-2014-0490 20 Exec Code 2014-11-03 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
1177 CVE-2014-0489 20 Exec Code 2014-11-03 2020-01-08
7.5
None Remote Low Not required Partial Partial Partial
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
1178 CVE-2014-0485 94 Exec Code 2014-09-02 2014-09-03
7.5
None Remote Low Not required Partial Partial Partial
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
1179 CVE-2014-0479 94 Exec Code 2014-08-06 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
1180 CVE-2014-0476 20 Exec Code 2014-10-25 2017-09-19
3.7
None Local High Not required Partial Partial Partial
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.
1181 CVE-2014-0469 119 Exec Code Overflow 2014-05-05 2014-05-31
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.
1182 CVE-2014-0466 Exec Code 2014-04-03 2017-12-16
6.8
None Remote Medium Not required Partial Partial Partial
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
1183 CVE-2014-0359 78 Exec Code 2014-04-15 2014-04-15
9.0
None Remote Low ??? Complete Complete Complete
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
1184 CVE-2014-0356 78 Exec Code 2014-04-15 2014-04-15
7.9
None Local Network Medium Not required Complete Complete Complete
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.
1185 CVE-2014-0355 119 Exec Code Overflow 2014-04-15 2014-04-15
7.9
None Local Network Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command.
1186 CVE-2014-0349 Exec Code 2014-04-12 2014-04-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file.
1187 CVE-2014-0342 Exec Code 2014-04-15 2014-04-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
1188 CVE-2014-0328 Exec Code 2014-08-15 2014-08-15
9.3
None Remote Medium Not required Complete Complete Complete
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.
1189 CVE-2014-0327 Exec Code 2014-08-17 2014-08-28
9.3
None Remote Medium Not required Complete Complete Complete
The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321.
1190 CVE-2014-0325 DoS Exec Code Mem. Corr. 2014-07-03 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755. NOTE: MS14-018 originally had a typo of CVE-2014-0235 for this.
1191 CVE-2014-0324 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.
1192 CVE-2014-0322 416 2 Exec Code 2014-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
1193 CVE-2014-0321 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0313.
1194 CVE-2014-0314 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1195 CVE-2014-0313 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0321.
1196 CVE-2014-0312 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.
1197 CVE-2014-0311 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0305.
1198 CVE-2014-0310 119 DoS Exec Code Overflow Mem. Corr. 2014-05-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1815.
1199 CVE-2014-0309 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1200 CVE-2014-0308 119 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324.
Total number of vulnerabilities : 1572   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 (This Page)25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.