Skip to main content
CVE-2014-2347 HIGH POC This Week

Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Misecuremessages
NVD Exploit-DB
CVSS 2.0
7.0
EPSS
7.9%
CVE-2014-0185 HIGH POC PATCH This Week

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

PHP Privilege Escalation
NVD GitHub VulDB
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-0198 MEDIUM PATCH This Month

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 33.0%.

OpenSSL Denial Of Service Null Pointer Dereference MariaDB Fedora +6
NVD VulDB
CVSS 2.0
4.3
EPSS
33.0%
CVE-2014-2558 MEDIUM POC PATCH This Month

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress PHP Code Injection File Gallery
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-3202 MEDIUM POC This Month

Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Privilege Escalation Unity
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-3204 MEDIUM POC This Month

Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Unity Ubuntu Linux
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-3203 MEDIUM POC This Month

Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Unity Ubuntu Linux
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-1736 HIGH This Week

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Microsoft Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
2.3%
CVE-2013-7354 MEDIUM This Month

Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libpng
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2013-7353 MEDIUM This Month

Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libpng
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2014-0193 MEDIUM PATCH This Month

WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Netty
NVD GitHub
CVSS 2.0
5.0
EPSS
4.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy