CVE Daily
← All tags

Tag: Remote Code Execution

All CVEs associated with "Remote Code Execution". Page 259/346 • 41421 CVEs.

Subscribe CVEs: RSS for “Remote Code Execution”  ·  RSS (High+Critical only)

About “Remote Code Execution”

A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41421 CVEs for this tag (all time). In the last 365 days, 4753 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2014-07-24
Medium

CVE-2014-2360

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2014-0607

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executabl…

CVSS: 10.0 CWE: N/A View on NVD
2014-07-23
Critical

CVE-2014-3939

Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-3938

Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.

CVSS: 9.3 CWE: CWE-189 View on NVD
Critical

CVE-2014-1557

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data dur…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2014-1556

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScrip…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2014-1555

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbit…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arb…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-1550

Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (hea…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-1549

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-1548

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and applic…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-1547

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of servic…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-1544

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Th…

CVSS: 10.0 CWE: N/A View on NVD
2014-07-22
Medium

CVE-2014-3518

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-07-20
High

CVE-2014-1999

The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2014-1996

Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.

CVSS: 7.5 CWE: CWE-264 View on NVD
Medium

CVE-2014-0226

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…

CVSS: 6.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2014-07-19
High

CVE-2014-2364

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4)…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2014-07-18
Critical

CVE-2014-3306

The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2014-2623

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 10.0 CWE: N/A View on NVD
2014-07-10
High

CVE-2014-3888

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and ear…

CVSS: 8.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-3311

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted d…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-07-09
Critical

CVE-2012-4988

Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image fi…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-3891

Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute arbitrary code via a crafted response.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers…

CVSS: 7.5 CWE: N/A View on NVD
2014-07-08
Critical

CVE-2014-2813

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2809

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2807

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2806

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2804

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2803

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2802

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2801

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2800

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2798

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2797

Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2795

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2794

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2792

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2791

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2790

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2789

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2788

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2787

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2786

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2785

Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-1824

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote a…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2014-2514

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allow…

CVSS: 8.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2014-2513

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authent…

CVSS: 8.2 CWE: CWE-20 - Improper Input Validation View on NVD
2014-07-07
Medium

CVE-2014-4646

Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-0248

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote at…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2014-3113

Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-2969

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify mem…

CVSS: 8.3 CWE: CWE-255 View on NVD
Critical

CVE-2014-2967

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.

CVSS: 10.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Critical

CVE-2014-2617

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2014-2616

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-2615

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-0602

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-07-03
Critical

CVE-2014-0325

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers i…

CVSS: 9.3 CWE: N/A View on NVD
2014-07-02
Medium

CVE-2014-3100

Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-07-01
Critical

CVE-2013-7388

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3664

Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3662

Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-bas…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1382

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-1381

Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memo…

CVSS: 10.0 CWE: CWE-264 View on NVD
Critical

CVE-2014-1377

Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-1376

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.

CVSS: 10.0 CWE: CWE-264 View on NVD
Critical

CVE-2014-1373

Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.

CVSS: 10.0 CWE: CWE-264 View on NVD
High

CVE-2014-1371

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leverag…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1370

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application cr…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1368

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1367

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1366

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1365

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1364

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1363

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1362

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-1359

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

CVSS: 10.0 CWE: CWE-189 View on NVD
Critical

CVE-2014-1358

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

CVSS: 10.0 CWE: CWE-189 View on NVD
Critical

CVE-2014-1357

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generate…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-1356

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IP…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1354

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of…

CVSS: 6.8 CWE: CWE-399 View on NVD
Medium

CVE-2014-1349

Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2014-1340

WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1325

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (m…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-06-25
Medium

CVE-2014-4643

Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a lo…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-06-21
Critical

CVE-2014-3073

Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vector…

CVSS: 10.0 CWE: N/A View on NVD
2014-06-20
Critical

CVE-2012-5106

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2012-0273

Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) di…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-06-19
Critical

CVE-2012-2052

Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-4334

Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2782

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2611

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or…

CVSS: 9.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2014-2610

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploadi…

CVSS: 7.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2014-2609

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2014-06-18
Critical

CVE-2014-4152

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2014-4151

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2014-4049

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary co…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-4174

wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-6221

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary file…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2011-2592

Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-06-16
Medium

CVE-2010-5111

Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline o…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-2003

JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execut…

CVSS: 7.6 CWE: CWE-20 - Improper Input Validation View on NVD
2014-06-13
High

CVE-2014-4158

Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-5353

Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2013-4099

Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1) alAuxiliaryEff…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-3843

Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and pos…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3663

Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2010-5301

Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-06-11
Critical

CVE-2014-3911

Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdva…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2014-2978

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via th…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-2977

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and…

CVSS: 10.0 CWE: CWE-189 View on NVD
Critical

CVE-2011-3625

Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-5300

Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-1545

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and conso…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2014-1543

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous a…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1542

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-1541

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2014-1540

Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitr…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2014-1538

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute…

CVSS: 10.0 CWE: N/A View on NVD