Skip to main content
CVE-2014-2120 MEDIUM KEV THREAT This Month

Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 63.9%.

Cisco XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
63.9%
Threat
4.6
CVE-2014-2339 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gnuboard
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-1496 MEDIUM POC This Month

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2013-5952 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Com Freichat
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5955 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Com Pbbooking
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1979 MEDIUM This Month

The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Google Code Injection Spmode Mail Android
NVD VulDB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-1502 MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse Linux Enterprise Desktop Linux Enterprise Server +4
NVD VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-1506 MEDIUM This Month

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mozilla Google Denial Of Service Firefox +1
NVD VulDB
CVSS 2.0
6.4
EPSS
1.5%
CVE-2014-1501 MEDIUM This Month

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google Solaris Firefox +3
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1500 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Opensuse Solaris Firefox +4
NVD VulDB
CVSS 2.0
5.0
EPSS
2.3%
CVE-2014-2122 MEDIUM This Month

Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Hosted Collaboration Solution
NVD VulDB
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-2121 MEDIUM This Month

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Hosted Collaboration Solution
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1498 MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service Linux Enterprise Desktop Linux Enterprise Server +5
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1499 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +4
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-5953 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Com Multicalendar
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1978 MEDIUM This Month

The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Spmode Mail Android
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1977 MEDIUM This Month

The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Spmode Mail Android
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy