Skip to main content
CVE-2014-1691 HIGH POC PATCH THREAT Act Now

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.3%.

RCE PHP Code Injection Horde Application Framework
NVD GitHub Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
81.3%
Threat
5.4
CVE-2014-0050 HIGH POC PATCH THREAT Act Now

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Tomcat Denial Of Service Java Privilege Escalation Apache +2
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
92.7%
Threat
5.8
CVE-2013-0662 CRITICAL POC THREAT Emergency

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 50.6%.

Schneider Electric Memory Corruption Buffer Overflow RCE Concept +11
NVD Exploit-DB VulDB
CVSS 2.0
9.3
EPSS
50.6%
Threat
4.9
CVE-2013-7349 HIGH POC This Week

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gnew
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
7.9%
CVE-2013-2278 CRITICAL PATCH Act Now

Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Microsoft Warftpd
NVD VulDB
CVSS 2.0
10.0
EPSS
8.9%
CVE-2013-5640 HIGH POC This Week

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gnew
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-7350 CRITICAL Act Now

Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Checkpoint Information Disclosure Security Gateway
NVD VulDB
CVSS 2.0
10.0
EPSS
0.3%
CVE-2014-0632 CRITICAL Act Now

Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Vplex Geosynchrony
NVD VulDB
CVSS 2.0
9.0
EPSS
2.3%
CVE-2014-2212 MEDIUM POC This Month

The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Posh
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0633 HIGH This Week

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Vplex Geosynchrony
NVD VulDB
CVSS 2.0
7.7
EPSS
0.3%
CVE-2014-2034 HIGH This Week

Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD VulDB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-0635 HIGH This Week

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Vplex Geosynchrony
NVD VulDB
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-2672 HIGH PATCH This Week

Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub VulDB
CVSS 2.0
7.1
EPSS
0.7%
CVE-2014-0634 MEDIUM This Month

EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Vplex Geosynchrony
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-1895 MEDIUM PATCH This Month

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a. Rated medium severity (CVSS 5.8).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-1894 MEDIUM PATCH This Month

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1893 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1892 MEDIUM PATCH This Month

Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891,. Rated medium severity (CVSS 5.2). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1891 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-2590 MEDIUM This Month

The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Authentication Bypass Ruggedcom Rugged Operating System
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2237 MEDIUM PATCH This Month

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1896 MEDIUM PATCH This Month

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore. Rated medium severity (CVSS 4.9).

Denial Of Service Xen
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-2678 MEDIUM PATCH This Month

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Null Pointer Dereference Linux Kernel Fedora
NVD VulDB
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-2673 MEDIUM PATCH This Month

The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel
NVD GitHub VulDB
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-7348 MEDIUM This Month

Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1869 MEDIUM PATCH This Month

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Spacewalk Java
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-0032 LOW Monitor

Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Jboss Operations Network
NVD VulDB
CVSS 2.0
3.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy