Skip to main content
CVE-2014-1708 CRITICAL Act Now

The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Google Chrome Os Chrome
NVD VulDB
CVSS 2.0
10.0
EPSS
2.9%
CVE-2014-1704 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome V8
NVD VulDB
CVSS 2.0
10.0
EPSS
1.5%
CVE-2014-0895 HIGH Act Now

Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.8% and no vendor patch available.

IBM RCE Buffer Overflow Spss Samplepower
NVD VulDB
CVSS 2.0
7.5
EPSS
12.8%
CVE-2014-0338 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Watchguard Fireware
NVD VulDB
CVSS 2.0
4.3
EPSS
3.3%
CVE-2014-0339 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Webmin
NVD VulDB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2013-6210 HIGH This Week

Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Unified Functional Testing
NVD VulDB
CVSS 2.0
7.5
EPSS
5.0%
CVE-2014-2251 HIGH PATCH This Week

The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable.

Information Disclosure Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
8.3
EPSS
0.9%
CVE-2014-2259 HIGH PATCH This Week

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
7.8
EPSS
1.6%
CVE-2014-2255 HIGH PATCH This Week

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
7.8
EPSS
1.6%
CVE-2014-1705 HIGH This Week

Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Google Buffer Overflow Microsoft +3
NVD VulDB
CVSS 2.0
7.5
EPSS
3.0%
CVE-2014-2257 HIGH PATCH This Week

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
7.8
EPSS
0.9%
CVE-2014-1713 HIGH This Week

Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Google Microsoft +1
NVD VulDB
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-1700 HIGH This Week

Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
1.4%
CVE-2014-1702 HIGH This Week

Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-1714 HIGH This Week

The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-1710 HIGH This Week

The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Os Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-1703 HIGH This Week

Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-1711 HIGH This Week

The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Os Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-1715 HIGH This Week

Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Microsoft Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-1706 HIGH This Week

crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Code Injection Chrome Os Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
0.1%
CVE-2014-1707 HIGH This Week

Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google Chrome Os Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
0.1%
CVE-2013-6208 HIGH This Week

Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Smart Update Manager
NVD VulDB
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-4057 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Infosphere Information Server
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0873 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Infosphere Master Data Management Server
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4058 MEDIUM This Month

Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Information Server
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-2253 MEDIUM PATCH This Month

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
6.1
EPSS
0.2%
CVE-2014-2247 MEDIUM PATCH This Month

The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Code Injection Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
5.8
EPSS
0.7%
CVE-2014-2249 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

CSRF Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-2248 MEDIUM PATCH This Month

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Open Redirect Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-2246 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Siemens Simatic S7 1500 Cpu Firmware
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4059 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Infosphere Information Server
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1701 MEDIUM This Month

The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Chrome
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0850 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Infosphere Master Data Management Reference Data Management Hub
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy