Skip to main content
CVE-2014-2888 HIGH POC PATCH This Week

lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Sfpagent
NVD VulDB
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-2855 HIGH Act Now

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.2% and no vendor patch available.

Denial Of Service Rsync
NVD VulDB
CVSS 2.0
7.8
EPSS
17.2%
CVE-2014-2709 HIGH PATCH This Week

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Cacti Debian Linux
NVD VulDB
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-2894 HIGH This Week

Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu
NVD VulDB
CVSS 2.0
7.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy