Skip to main content
CVE-2014-1903 HIGH POC THREAT Act Now

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

PHP Privilege Escalation Freepbx
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
84.5%
Threat
5.5
CVE-2014-1861 CRITICAL Act Now

The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Jetro Cockpit Secure Browsing
NVD
CVSS 2.0
9.3
EPSS
0.3%
CVE-2014-1943 MEDIUM This Month

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.5% and no vendor patch available.

Denial Of Service Fine Free File PHP Ubuntu Linux Debian Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
21.5%
CVE-2013-7226 MEDIUM This Month

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 10.3% and no vendor patch available.

PHP Buffer Overflow Denial Of Service
NVD GitHub
CVSS 2.0
6.8
EPSS
10.3%
CVE-2014-2019 MEDIUM POC This Month

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2013-7327 MEDIUM This Month

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Denial Of Service Ubuntu Linux
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-7328 MEDIUM This Month

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP Denial Of Service
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-6396 MEDIUM PATCH This Month

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Swift
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-0625 MEDIUM This Month

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bsafe Ssl J Rsa Bsafe Ssl J
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2020 MEDIUM PATCH This Month

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0627 MEDIUM This Month

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Ssl J Rsa Bsafe Ssl J
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0626 MEDIUM This Month

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bsafe Ssl J Rsa Bsafe Ssl J
NVD
CVSS 2.0
5.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy