Skip to main content
CVE-2014-0496 HIGH KEV THREAT Act Now

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 74.7%.

Memory Corruption RCE Adobe Microsoft Use After Free
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
74.7%
Threat
5.5
CVE-2013-2827 HIGH POC PATCH THREAT Act Now

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 60.5%.

Code Injection RCE Kingalarm Event Kinggraphic Kingscada
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
60.5%
Threat
4.8
CVE-2013-5880 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.4%.

Information Disclosure Oracle Supply Chain Products Suite
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
82.4%
Threat
5.0
CVE-2013-5877 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.9%.

Information Disclosure Oracle Supply Chain Products Suite Supply Chain Products Suite Sql Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
78.9%
Threat
4.9
CVE-2013-5795 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%.

Information Disclosure Oracle Supply Chain Products Suite Supply Chain Products Suite Sql Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
76.0%
Threat
4.8
CVE-2013-7108 MEDIUM POC THREAT This Month

Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.6%.

Denial Of Service Nagios Icinga
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
48.6%
Threat
4.1
CVE-2014-1201 CRITICAL POC THREAT Emergency

Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

Buffer Overflow Denial Of Service RCE Edge Lh310 Firmware Edge +5
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
23.2%
Threat
4.2
CVE-2014-0260 CRITICAL Emergency

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 37.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Office Compatibility Pack +5
NVD
CVSS 2.0
9.3
EPSS
37.2%
CVE-2014-0258 CRITICAL Emergency

Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 33.4% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Office Compatibility Pack +2
NVD
CVSS 2.0
9.3
EPSS
33.4%
CVE-2014-0379 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 36.1%.

Information Disclosure Oracle Supply Chain Products Suite Supply Chain Products Suite Sql Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
36.1%
CVE-2014-0259 CRITICAL Emergency

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 30.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Office Compatibility Pack +1
NVD
CVSS 2.0
9.3
EPSS
30.3%
CVE-2014-0372 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.5%.

Information Disclosure Oracle Supply Chain Products Suite Supply Chain Products Suite Sql Server
NVD Exploit-DB
CVSS 2.0
5.5
EPSS
20.5%
CVE-2013-5907 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

Denial Of Service Java Oracle RCE Jdk +2
NVD
CVSS 2.0
10.0
EPSS
16.6%
CVE-2014-0493 CRITICAL Act Now

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.6% and no vendor patch available.

Denial Of Service Buffer Overflow Adobe Microsoft RCE +1
NVD
CVSS 2.0
10.0
EPSS
12.6%
CVE-2014-1206 HIGH POC This Week

SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Web Analytics
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-0428 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
8.1%
CVE-2014-0422 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
8.1%
CVE-2014-0417 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre +1
NVD
CVSS 2.0
9.3
EPSS
9.2%
CVE-2014-0415 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2014-0410 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2014-0495 CRITICAL Act Now

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Adobe Microsoft RCE +1
NVD
CVSS 2.0
10.0
EPSS
4.9%
CVE-2013-5893 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
9.3
EPSS
7.0%
CVE-2014-0492 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Adobe Microsoft Flash Player Adobe Air Sdk +1
NVD
CVSS 2.0
10.0
EPSS
3.2%
CVE-2013-5889 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
6.0%
CVE-2014-0491 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Adobe Microsoft Flash Player Adobe Air Sdk +1
NVD
CVSS 2.0
10.0
EPSS
2.2%
CVE-2014-0408 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre
NVD
CVSS 2.0
9.3
EPSS
4.3%
CVE-2013-2820 CRITICAL Act Now

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Raven X Ev Do Firmware Airlink Mp At T Airlink Mp At T Wifi Airlink Mp Bell +15
NVD
CVSS 2.0
10.0
EPSS
0.0%
CVE-2014-0385 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2013-2819 CRITICAL Act Now

The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Raven X Ev Do Firmware Airlink Mp At T Airlink Mp At T Wifi Airlink Mp Bell +15
NVD
CVSS 2.0
9.3
EPSS
0.0%
CVE-2014-0387 HIGH This Week

Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Oracle Information Disclosure Java Jdk +1
NVD
CVSS 2.0
7.6
EPSS
6.0%
CVE-2014-0424 HIGH This Week

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
7.5
EPSS
5.1%
CVE-2013-5878 HIGH This Week

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
7.5
EPSS
4.5%
CVE-2014-0373 HIGH This Week

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
7.5
EPSS
3.3%
CVE-2013-5785 HIGH This Week

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.6, 11.1.1.7, and 11.1.2.1 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-1466 HIGH This Week

SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Csp Mysql User Manager
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0262 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7
NVD
CVSS 2.0
7.2
EPSS
1.6%
CVE-2013-3830 HIGH This Week

Unspecified vulnerability in the Hyperion Strategic Finance component in Oracle Hyperion 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Hyperion Interactive Reporting
NVD
CVSS 2.0
7.1
EPSS
0.9%
CVE-2014-0617 HIGH This Week

Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Junos Srx100 Srx110 +10
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2014-0613 HIGH This Week

The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2014-0616 HIGH This Week

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Race Condition Junos
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2014-0615 HIGH This Week

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-5879 MEDIUM This Month

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-5882 MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-5860 MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-5870 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node Supplementary +7
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-5904 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Enterprise Linux Desktop Supplementary +6
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-7205 MEDIUM This Month

Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nagios
NVD
CVSS 2.0
6.4
EPSS
2.4%
CVE-2013-7106 MEDIUM This Month

Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Icinga
NVD
CVSS 2.0
6.5
EPSS
1.7%
CVE-2013-7107 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Icinga
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0261 MEDIUM This Month

Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

Denial Of Service Microsoft Dynamics Ax
NVD
CVSS 2.0
4.0
EPSS
13.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy