Skip to main content
CVE-2014-0002 HIGH POC PATCH THREAT Act Now

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.7%.

XXE Privilege Escalation Apache Camel
NVD VulDB
CVSS 2.0
7.5
EPSS
28.7%
CVE-2014-0003 HIGH POC PATCH THREAT Act Now

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Privilege Escalation Java Apache Camel
NVD VulDB
CVSS 2.0
7.5
EPSS
23.0%
CVE-2014-0879 CRITICAL PATCH Act Now

Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.9%.

IBM RCE Buffer Overflow Datacap Taskmaster Capture
NVD VulDB
CVSS 2.0
9.3
EPSS
22.9%
CVE-2014-2497 MEDIUM POC PATCH THREAT This Month

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.1%.

Denial Of Service PHP Null Pointer Dereference Ubuntu Linux Linux Enterprise Server +9
NVD VulDB
CVSS 2.0
4.3
EPSS
12.1%
CVE-2014-2119 HIGH This Week

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation RCE Ironport Asyncos Content Security Management Appliance +1
NVD VulDB
CVSS 2.0
8.5
EPSS
1.4%
CVE-2014-2124 HIGH This Week

Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS Catalyst 6500
NVD VulDB
CVSS 2.0
7.1
EPSS
1.5%
CVE-2014-0829 MEDIUM PATCH This Month

Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Buffer Overflow Rational Clearcase
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-5401 MEDIUM This Month

The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Mq Internet Pass Thru
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2276 MEDIUM This Month

The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connectrix Manager
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6401 MEDIUM This Month

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jansson
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0708 MEDIUM This Month

WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-7340 MEDIUM This Month

VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Vlc Media Player
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2567 MEDIUM This Month

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Trojita
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6729 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Quickfile
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy