Skip to main content
CVE-2014-1516 MEDIUM POC This Month

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Mozilla Privilege Escalation Google Firefox
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6211 HIGH This Week

Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable. No vendor patch available.

HP Denial Of Service Storeonce 2610 Iscsi Backup System Storeonce 2620 Iscsi Backup System Storeonce 4210 Fc Backup System +5
NVD VulDB
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-1644 HIGH PATCH This Week

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Liveupdate Administrator
NVD VulDB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-0880 HIGH This Week

IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Storwize V7000 Software Storwize V7000 Flex System V7000 Software +9
NVD VulDB
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-1645 HIGH PATCH This Week

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Liveupdate Administrator
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-0344 MEDIUM This Month

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Privilege Escalation Manageengine Opstor
NVD VulDB
CVSS 2.0
6.5
EPSS
1.3%
CVE-2014-2131 MEDIUM This Month

The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
6.1
EPSS
0.2%
CVE-2014-2670 LOW Monitor

Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Zoho XSS Manageengine Opstor
NVD VulDB
CVSS 2.0
3.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy