Skip to main content
CVE-2014-0511 CRITICAL Act Now

Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.7% and no vendor patch available.

Adobe Buffer Overflow RCE Acrobat Reader
NVD VulDB
CVSS 2.0
10.0
EPSS
24.7%
CVE-2014-0506 CRITICAL Act Now

Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.9% and no vendor patch available.

Adobe Google RCE Microsoft Flash Player
NVD VulDB
CVSS 2.0
10.0
EPSS
19.9%
CVE-2014-0510 CRITICAL Act Now

Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Adobe Buffer Overflow RCE Flash Player
NVD VulDB
CVSS 2.0
10.0
EPSS
18.9%
CVE-2013-3481 CRITICAL PATCH Act Now

Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.8%.

RCE Buffer Overflow Artweaver Free Artweaver Plus
NVD VulDB
CVSS 2.0
9.3
EPSS
18.8%
CVE-2013-0732 CRITICAL Act Now

Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.9% and no vendor patch available.

RCE Buffer Overflow Pdf Reader
NVD VulDB
CVSS 2.0
9.3
EPSS
12.9%
CVE-2014-2653 MEDIUM POC This Month

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSH Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
2.9%
CVE-2013-7346 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF SQLi Symphony
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2559 MEDIUM POC PATCH This Month

SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF SQLi Symphony
NVD GitHub Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
1.2%
CVE-2014-0512 CRITICAL Act Now

Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Acrobat Reader
NVD VulDB
CVSS 2.0
10.0
EPSS
2.8%
CVE-2014-2326 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Fedora Opensuse Cacti +1
NVD VulDB
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-0089 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Foreman
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2106 HIGH This Week

Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD VulDB
CVSS 2.0
7.8
EPSS
1.7%
CVE-2014-2109 HIGH This Week

The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-2113 HIGH This Week

Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD VulDB
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-2108 HIGH This Week

Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD VulDB
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-2112 HIGH This Week

The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-2111 HIGH This Week

The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
7.1
EPSS
0.8%
CVE-2014-2107 HIGH This Week

Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-2118 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Security Manager
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0623 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Authentication Manager
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy