2014 CVE Vulnerabilities
9,002 CVEs published in 2014.
| CVE ID | Severity | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2014-2914 | CRITICAL | 9.8 | 3.2% | Jan 28, 2020 | fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which ... |
| CVE-2014-2898 | CRITICAL | 9.8 | 2.8% | Jan 28, 2020 | wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read fun... |
| CVE-2014-2897 | CRITICAL | 9.8 | 2.8% | Jan 28, 2020 | The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fa... |
| CVE-2014-2896 | CRITICAL | 9.8 | 2.8% | Jan 28, 2020 | The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers ... |
| CVE-2014-3445 | CRITICAL | 9.8 | 5.3% | Jan 28, 2020 | backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows ... |
| CVE-2014-8563 | CRITICAL | 9.8 | 2.5% | Jan 27, 2020 | Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. |
| CVE-2014-8741 | CRITICAL | 9.8 | 77.2% | Jan 27, 2020 | Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allo... |
| CVE-2014-4172 | CRITICAL | 9.8 | 6.1% | Jan 24, 2020 | A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasi... |
| CVE-2014-1925 | CRITICAL | 9.8 | 2.0% | Jan 24, 2020 | SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha befo... |
| CVE-2014-1924 | CRITICAL | 9.8 | 2.0% | Jan 24, 2020 | The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.1... |
| CVE-2014-5007 | CRITICAL | 9.8 | 37.3% | Jan 17, 2020 | Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop ... |
| CVE-2014-5381 | CRITICAL | 9.8 | 7.1% | Jan 13, 2020 | Grand MA 300 allows a brute-force attack on the PIN. |
| CVE-2014-5093 | CRITICAL | 9.8 | 3.8% | Jan 10, 2020 | Status2k does not remove the install directory allowing credential reset. |
| CVE-2014-5081 | CRITICAL | 9.8 | 10.5% | Jan 10, 2020 | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass |
| CVE-2014-4984 | CRITICAL | 9.8 | 3.0% | Jan 10, 2020 | Déjà Vu Crescendo Sales CRM has remote SQL Injection |
| CVE-2014-4982 | CRITICAL | 9.8 | 4.6% | Jan 10, 2020 | LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. |
| CVE-2014-3449 | CRITICAL | 9.8 | 2.7% | Jan 9, 2020 | BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability |
| CVE-2014-3448 | CRITICAL | 9.8 | 4.0% | Jan 9, 2020 | BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload |
| CVE-2014-2651 | CRITICAL | 9.8 | 1.7% | Jan 9, 2020 | Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Wo... |
| CVE-2014-2650 | CRITICAL | 9.8 | 2.6% | Jan 9, 2020 | Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web bas... |
| CVE-2014-2072 | CRITICAL | 9.8 | 7.4% | Jan 8, 2020 | Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks |
| CVE-2014-1860 | CRITICAL | 9.8 | 3.6% | Jan 8, 2020 | Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities |
| CVE-2014-1409 | CRITICAL | 9.1 | 4.0% | Jan 8, 2020 | MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due ... |
| CVE-2014-1598 | CRITICAL | 9.8 | 1.5% | Jan 8, 2020 | centurystar 7.12 ActiveX Control has a Stack Buffer Overflow |
| CVE-2014-8673 | CRITICAL | 9.8 | 11.9% | Jan 7, 2020 | Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in... |
Check if your code is affected by 2014 CVEs
Strix scans your code and infrastructure for known vulnerabilities automatically.
Scan your code now