Skip to main content
CVE-2014-1266 HIGH POC THREAT Act Now

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Apple Microsoft Iphone Os Mac Os X +1
NVD
CVSS 3.1
7.4
EPSS
17.9%
CVE-2013-6952 CRITICAL Act Now

The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Wemo Home Automation Firmware
NVD
CVSS 2.0
10.0
EPSS
5.7%
CVE-2014-0721 CRITICAL Act Now

The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Sip Phone 3905
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2013-6949 CRITICAL Act Now

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Wemo Home Automation Firmware
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2014-0709 CRITICAL Act Now

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Ucs Director
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-6948 HIGH This Week

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection XXE RCE Wemo Home Automation Firmware
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2013-6950 HIGH This Week

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wemo Home Automation Firmware
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-0719 HIGH This Week

The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Ips Sensor Software
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-0818 HIGH This Week

Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Autocad
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-0720 HIGH This Week

Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Ips Sensor Software
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-0718 HIGH This Week

The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Ips Sensor Software
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-0710 HIGH This Week

Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Cisco Firewall Services Module Software
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2013-6951 HIGH This Week

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wemo Home Automation Firmware
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2014-0730 MEDIUM This Month

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System Central Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0854 MEDIUM This Month

The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XXE IBM Cognos Business Intelligence
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0731 MEDIUM This Month

The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java Cisco Unified Communications Manager
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0819 MEDIUM This Month

Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Autocad
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-0811 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Vista Ce
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6732 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0737 MEDIUM This Month

The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Unified Ip Phone 7960G
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0739 MEDIUM This Month

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0738 MEDIUM This Month

The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-0861 LOW Monitor

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6734 LOW Monitor

IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Websphere Extreme Scale Client
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy