Skip to main content
CVE-2014-0322 HIGH POC KEV PATCH THREAT Act Now

Internet Explorer 9 and 10 contain a use-after-free vulnerability in CMarkup object handling exploitable via crafted JavaScript, used in 'Operation SnowMan' watering hole attacks targeting US military and defense in early 2014.

RCE Microsoft Use After Free Memory Corruption
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
93.2%
Threat
9.6
CVE-2013-5014 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.2%.

XXE Endpoint Protection Manager Protection Center
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.2%
Threat
5.6
CVE-2013-5015 MEDIUM POC THREAT This Month

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

SQLi Endpoint Protection Manager Protection Center
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
64.5%
Threat
4.7
CVE-2013-6441 HIGH POC PATCH This Week

The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Lxc
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-1680 MEDIUM POC This Month

Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Information Disclosure Bandizip
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5400 CRITICAL Act Now

An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Platform Symphony
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2013-6492 MEDIUM POC This Month

The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Piranha
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
2.7%
CVE-2014-1219 MEDIUM POC This Month

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure 2E Web Option
NVD Exploit-DB
CVSS 2.0
5.1
EPSS
6.1%
CVE-2014-0032 MEDIUM PATCH This Month

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Apache Subversion
NVD
CVSS 2.0
4.3
EPSS
27.1%
CVE-2013-5351 HIGH This Week

Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Irfanview
NVD
CVSS 2.0
7.5
EPSS
5.5%
CVE-2013-6742 HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sametime
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-1921 HIGH PATCH This Week

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Race Condition Parcimonie
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3983 HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sametime
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-6149 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Red Hat XSS Satellite Satellite 5 Managed Db Spacewalk Java
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-2829 HIGH This Week

MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Scada Dnp3 Opc Server
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-3988 MEDIUM This Month

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Sametime
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-0813 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Phpmyfaq
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6722 MEDIUM This Month

Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service File Upload IBM Websphere Portal
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-1100 MEDIUM This Month

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Jboss Operations Network
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-0052 MEDIUM This Month

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-0062 MEDIUM This Month

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Jboss Operations Network
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6728 MEDIUM This Month

The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Websphere Dashboard Framework
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-1963 MEDIUM This Month

Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-6440 MEDIUM PATCH This Month

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure XXE Java Opensaml
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1962 MEDIUM This Month

Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XXE SAP Customer Relationship Management
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1960 MEDIUM This Month

The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver Netweaver Solution Manager
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1961 MEDIUM This Month

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1467 MEDIUM This Month

BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Blackberry Enterprise Service Blackberry Universal Device Service Enterprise Server +1
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3978 MEDIUM This Month

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sametime
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1253 MEDIUM This Month

AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Apple Boot Camp
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-0332 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Dell Sonicwall XSS Global Management System Analyzer
NVD
CVSS 2.0
4.3
EPSS
1.8%
CVE-2014-1950 MEDIUM This Month

Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0814 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Phpmyfaq
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7326 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Vtiger Crm
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4415 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Red Hat XSS Satellite Satellite 5 Managed Db Spacewalk Java +2
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1965 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Microsoft XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1964 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Microsoft XSS Netweaver Netweaver Exchange Infrastructure Bc Xi
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4499 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Bean
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7032 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Livezilla
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0855 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Connections Portlets
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-1871 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Red Hat XSS Satellite
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-6743 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-1948 LOW PATCH Monitor

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and. Rated low severity (CVSS 2.6).

Authentication Bypass Image Registry And Delivery Service Glance
NVD
CVSS 2.0
2.6
EPSS
0.1%
CVE-2014-0018 LOW Monitor

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container. Rated low severity (CVSS 1.9). No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy