Skip to main content
CVE-2014-2013 HIGH POC THREAT Act Now

Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.5%.

Buffer Overflow RCE Mupdf
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
34.5%
Threat
4.0
CVE-2014-1884 HIGH POC This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Adobe Apache Microsoft Cordova +1
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-1881 HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Adobe Apache Cordova Phonegap
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-1883 HIGH POC PATCH This Week

Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Adobe Google Phonegap
NVD GitHub
CVSS 2.0
7.5
EPSS
1.3%
CVE-2012-6637 HIGH POC PATCH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe Apache Authentication Bypass Cordova Phonegap
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-2211 HIGH POC This Week

SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Posh
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-1882 HIGH This Week

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Apache Phonegap Cordova
NVD
CVSS 2.0
7.5
EPSS
7.7%
CVE-2014-1939 HIGH This Week

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Google Apple Code Injection RCE +2
NVD
CVSS 2.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy