Medium · CVSS 6.8
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
Published Apr 3, 2015 · Updated Nov 3, 2025
Critical · CVSS 9
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Published Apr 3, 2015 · Updated Nov 3, 2025
Medium · CVSS 6.8
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.
Published Apr 3, 2015 · Updated Nov 3, 2025
High · CVSS 7.5
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Published Apr 7, 2014 · Updated Oct 22, 2025
Critical · CVSS 9.8 · CISA KEV
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
Published Apr 25, 2014 · Updated Oct 22, 2025
Critical · CVSS 9.8 · CISA KEV
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."
Published Apr 27, 2014 · Updated Oct 22, 2025
Medium · CVSS 5
Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.
Published Apr 4, 2014 · Updated Sep 25, 2025
Critical · CVSS 10
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
Published Apr 12, 2014 · Updated Sep 25, 2025
Medium · CVSS 4.3
TCPUploader module listens on Port 10651/TCP for incoming connections.
Exploitation of this vulnerability could allow a remote unauthenticated
user access to release OS version information. While this is a minor
vulnerability, it represents a method for further network
reconnaissance.
Published Apr 19, 2014 · Updated Sep 24, 2025
High · CVSS 8.3
The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet.
Published Apr 11, 2014 · Updated Sep 24, 2025
Medium · CVSS 5
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
OpenUrlToBufferTimeout. This method takes a URL as a parameter and
returns its contents to the caller in JavaScript. The URLs are accessed
in the security context of the current browser session. The control does
not perform any URL validation and allows file:// URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
the URLs through JavaScript. This method could also be used to reach any
arbitrary URL to which the browser has access.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“CreateProcess.” This method contains validation to ensure an attacker
cannot run arbitrary command lines. After validation, the values
supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed allowing for running arbitrary command
lines. The command line can specify running remote files (example: UNC
command line).
A function exists at offset 100019B0 of bwocxrun.ocx. Inside this
function, there are 3 calls to strstr to check the contents of the user
specified command line. If “\setup.exe,” “\bwvbprt.exe,” or
“\bwvbprtl.exe” are contained in the command line (strstr returns
nonzero value), the command line passes validation and is then passed to
CreateProcessA.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“OpenUrlToBuffer.” This method takes a URL as a parameter and returns
its contents to the caller in JavaScript. The URLs are accessed in the
security context of the current browser session. The control does not
perform any URL validation and allows “file://” URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
file URLs through JavaScript. This method could also be used to reach
any arbitrary URL to which the browser has access.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
By providing an overly long string to the UserName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
An attacker may pass an overly long value from the AccessCode2 argument
to the control to overflow the static stack buffer. The attacker may
then remotely execute arbitrary code.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
An attacker may exploit this vulnerability by passing an overly long
value from the AccessCode argument to the control. This will overflow
the static stack buffer. The attacker may then execute code on the
target device remotely.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
An attacker can exploit this vulnerability by copying an overly long
NodeName2 argument into a statically sized buffer on the stack to
overflow the static stack buffer. An attacker may use this vulnerability
to remotely execute arbitrary code.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
To exploit this vulnerability, the attacker sends data from the GotoCmd
argument to control. If the value of the argument is overly long, the
static stack buffer can be overflowed. This will allow the attacker to
execute arbitrary code remotely.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
By providing an overly long string to the NodeName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely.
Published Apr 12, 2014 · Updated Sep 19, 2025
High · CVSS 7.5
An attacker using SQL injection may use arguments to construct queries
without proper sanitization. The DBVisitor.dll is exposed through SOAP
interfaces, and the exposed functions are vulnerable to SOAP injection.
This may allow unexpected SQL action and access to records in the table
of the software database or execution of arbitrary code.
Published Apr 12, 2014 · Updated Sep 19, 2025
Critical · CVSS 9.3
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1
Modular Controller with CoDeSys and SoftMotion provide an undocumented
access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application
crash) via unspecified vectors.
Published Apr 25, 2014 · Updated Jul 2, 2025
Critical · CVSS 9.3
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
Published Apr 25, 2014 · Updated Jul 2, 2025
Unknown · CVSS Not scored
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
Published Apr 27, 2014 · Updated Feb 13, 2025
Medium · CVSS 5
A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356.
Published Apr 10, 2023 · Updated Feb 7, 2025
Medium · CVSS 4
A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability.
Published Apr 6, 2023 · Updated Nov 22, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, there could be leakage of protected contents if HLOS doesn't request for security restoration for OCMEM xPU's.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
Published Apr 15, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string.
Published Apr 15, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is sent from non-secure side), if length of rights string is very large, a buffer over read occurs, exposing TZ App memory to non-secure side.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttle info block is freed without clearing the corresponding active timer.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.
Published Apr 15, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, when writing the Full Disk Encryption key to crypto engine, information leak could occur.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.
Published Apr 11, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.
Published Apr 15, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, lack of input validation could lead to an out of bound array access.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 625, SD 650/52, SD 808, and SD 810, lack of input validation in PRDiagMaintenanceHandler can leads to buffer over read.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
Published Apr 27, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, TOCTOU condition may result in bypassing error condition checks, leading to undefined behavior.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.
Published Apr 15, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.
Published Apr 15, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
Published Apr 11, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, LocationService is being exported, which is a way for a service to expose its methods to other services. This makes it possible for any other services to import LocationService and call into the exposed method for bringing up a data connection.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, a buffer over-read can occur in a DRM API.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting in a return to an unexpected location.
Published Apr 18, 2018 · Updated Sep 17, 2024
Unknown · CVSS Not scored
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.
Published Apr 14, 2014 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
Published Apr 15, 2014 · Updated Sep 17, 2024