Skip to main content
CVE-2014-0322 HIGH POC KEV PATCH THREAT Act Now

Internet Explorer 9 and 10 contain a use-after-free vulnerability in CMarkup object handling exploitable via crafted JavaScript, used in 'Operation SnowMan' watering hole attacks targeting US military and defense in early 2014.

RCE Microsoft Use After Free Memory Corruption
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
93.2%
Threat
9.6
CVE-2013-5014 HIGH POC THREAT Act Now

The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.2%.

XXE Endpoint Protection Manager Protection Center
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
86.2%
Threat
5.6
CVE-2013-6441 HIGH POC PATCH This Week

The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Lxc
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-5351 HIGH This Week

Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Irfanview
NVD
CVSS 2.0
7.5
EPSS
5.5%
CVE-2013-6742 HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sametime
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-1921 HIGH PATCH This Week

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Race Condition Parcimonie
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3983 HIGH This Week

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Sametime
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-2829 HIGH This Week

MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Scada Dnp3 Opc Server
NVD
CVSS 2.0
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy