Skip to main content
CVE-2014-2671 MEDIUM POC THREAT This Month

Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 30.9%.

Denial Of Service Buffer Overflow Microsoft Windows Media Player
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
30.9%
CVE-2014-0983 MEDIUM POC THREAT This Month

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before. Rated medium severity (CVSS 6.9). Public exploit code available and EPSS exploitation probability 12.0%.

RCE Google Oracle Vm Virtualbox
NVD Exploit-DB VulDB
CVSS 2.0
6.9
EPSS
12.0%
CVE-2014-1982 CRITICAL POC THREAT Emergency

The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.5%.

Command Injection Img646Bd Firmware Img646Bd At Rg634A Firmware At Rg634A +4
NVD Exploit-DB VulDB
CVSS 2.0
10.0
EPSS
10.5%
CVE-2013-6774 CRITICAL POC Act Now

Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Supersu Chainsdd Superuser Superuser
NVD VulDB
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-6775 CRITICAL POC Act Now

The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Supersu
NVD VulDB
CVSS 2.0
10.0
EPSS
0.3%
CVE-2013-6769 CRITICAL POC Act Now

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Superuser
NVD VulDB
CVSS 2.0
10.0
EPSS
0.3%
CVE-2013-6770 HIGH POC This Week

The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Google Superuser Android
NVD VulDB
CVSS 2.0
7.6
EPSS
0.2%
CVE-2014-0981 MEDIUM POC This Month

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Google Buffer Overflow Oracle Vm Virtualbox
NVD Exploit-DB VulDB
CVSS 2.0
4.4
EPSS
6.5%
CVE-2013-6768 MEDIUM POC This Month

Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Google Superuser
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0086 MEDIUM POC PATCH This Month

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Java Jboss Web Framework Kit Richfaces
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0064 MEDIUM This Month

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD GitHub VulDB
CVSS 2.0
6.5
EPSS
6.7%
CVE-2014-0063 MEDIUM This Month

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow PostgreSQL
NVD GitHub VulDB
CVSS 2.0
6.5
EPSS
6.0%
CVE-2014-0065 MEDIUM This Month

Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD VulDB
CVSS 2.0
6.5
EPSS
4.1%
CVE-2014-2669 MEDIUM This Month

Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow PostgreSQL
NVD GitHub VulDB
CVSS 2.0
6.5
EPSS
1.2%
CVE-2014-0061 MEDIUM This Month

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD VulDB
CVSS 2.0
6.5
EPSS
0.8%
CVE-2014-0062 MEDIUM This Month

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Race Condition PostgreSQL
NVD VulDB
CVSS 2.0
4.9
EPSS
0.4%
CVE-2014-0067 MEDIUM This Month

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Mac Os X Mac Os X Server
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0066 MEDIUM This Month

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service PostgreSQL
NVD VulDB
CVSS 2.0
4.0
EPSS
1.5%
CVE-2014-0060 MEDIUM This Month

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD VulDB
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-7347 LOW Monitor

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Conga Enterprise Linux
NVD VulDB
CVSS 2.0
3.7
EPSS
0.1%
CVE-2012-3359 LOW Monitor

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Authentication Bypass Conga Enterprise Linux
NVD VulDB
CVSS 2.0
3.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy