Skip to main content
CVE-2014-2976 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.7%.

Path Traversal Sixview Manager
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
14.7%
CVE-2014-2888 HIGH POC PATCH This Week

lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Sfpagent
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-2855 HIGH Act Now

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.2% and no vendor patch available.

Denial Of Service Rsync
NVD VulDB
CVSS 2.0
7.8
EPSS
17.2%
CVE-2014-1295 MEDIUM POC This Month

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X Tvos
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0474 CRITICAL PATCH Act Now

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Ubuntu Linux Django
NVD VulDB
CVSS 2.0
10.0
EPSS
4.0%
CVE-2014-1318 CRITICAL Act Now

The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Intel Mac Os X
NVD VulDB
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1314 CRITICAL Act Now

WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation RCE Mac Os X
NVD VulDB
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-1322 MEDIUM POC This Month

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Mac Os X
NVD Exploit-DB VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-1648 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Messaging Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2709 HIGH PATCH This Week

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Cacti Debian Linux
NVD VulDB
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-2894 HIGH This Week

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu
NVD VulDB
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-1315 MEDIUM This Month

Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Mac Os X
NVD VulDB
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1319 MEDIUM This Month

Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD VulDB
CVSS 2.0
6.8
EPSS
1.2%
CVE-2014-2327 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cacti Debian Linux Opensuse
NVD VulDB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5422 MEDIUM This Month

Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS As5400 Universal Gateway +3
NVD VulDB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5017 MEDIUM This Month

Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Asr 1001 +6
NVD VulDB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-5036 MEDIUM This Month

Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-2328 MEDIUM PATCH This Month

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Cacti Fedora Opensuse +1
NVD VulDB
CVSS 2.0
6.5
EPSS
1.1%
CVE-2012-5032 MEDIUM This Month

The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD VulDB
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-0472 MEDIUM PATCH This Month

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Django Ubuntu Linux
NVD VulDB
CVSS 2.0
5.1
EPSS
6.9%
CVE-2012-5014 MEDIUM This Month

Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
6.3
EPSS
0.3%
CVE-2012-1366 MEDIUM This Month

Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Asr 1001 +8
NVD VulDB
CVSS 2.0
6.1
EPSS
0.2%
CVE-2012-3062 MEDIUM This Month

Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a. Rated medium severity (CVSS 5.7). No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
5.7
EPSS
0.2%
CVE-2012-5044 MEDIUM This Month

Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD VulDB
CVSS 2.0
5.4
EPSS
0.4%
CVE-2012-1317 MEDIUM This Month

The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD VulDB
CVSS 2.0
5.4
EPSS
0.4%
CVE-2014-0892 MEDIUM This Month

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Information Disclosure Lotus Domino Lotus Notes
NVD VulDB
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-2154 MEDIUM This Month

Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-0360 MEDIUM This Month

Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1316 MEDIUM This Month

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-2983 MEDIUM PATCH This Month

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Drupal Debian Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-4658 MEDIUM This Month

The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Authentication Bypass iOS
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-0473 MEDIUM PATCH This Month

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF Python Privilege Escalation Django Ubuntu Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-4638 MEDIUM This Month

Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1320 MEDIUM This Month

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os Tvos
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2012-5037 MEDIUM This Month

The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Denial Of Service Cisco iOS +2
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-5039 MEDIUM This Month

The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-4651 MEDIUM This Month

Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-3918 MEDIUM This Month

Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS Catalyst 2900 +2
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2554 MEDIUM This Month

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Opensuse Otrs
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1296 MEDIUM This Month

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os Mac Os X Mac Os X Server +1
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-5427 MEDIUM This Month

Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD VulDB
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-1321 LOW Monitor

Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad. Rated low severity (CVSS 3.3). No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD VulDB
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-1647 LOW Monitor

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Pgp Desktop Encryption Desktop
NVD VulDB
CVSS 2.0
2.6
EPSS
0.3%
CVE-2014-1646 LOW Monitor

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Encryption Desktop Pgp Desktop
NVD VulDB
CVSS 2.0
2.6
EPSS
0.3%
CVE-2014-2893 LOW Monitor

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Opensuse Clang
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy