Skip to main content
CVE-2014-0196 MEDIUM POC KEV PATCH THREAT Act Now

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Denial Of Service Buffer Overflow Race Condition Linux
NVD Exploit-DB GitHub VulDB
CVSS 3.1
5.5
EPSS
48.6%
Threat
5.6
CVE-2014-0130 HIGH KEV PATCH THREAT Act Now

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 45.4%.

Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
45.4%
Threat
4.4
CVE-2014-2913 HIGH POC THREAT Act Now

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Information Disclosure Remote Plugin Executor Opensuse
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
18.6%
CVE-2014-2181 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2190 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Broadband Access Center Telco Wireless Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3124 MEDIUM PATCH This Month

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
6.7
EPSS
0.5%
CVE-2014-2891 MEDIUM This Month

strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Strongswan
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-0685 MEDIUM This Month

Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation VMware Cisco Nexus 1000V Intercloud
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0684 MEDIUM This Month

Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os Nexus 7000 Nexus 7000 10 Slot +2
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-0911 MEDIUM This Month

inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Websphere Mq
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-2191 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Broadband Access Center Telco Wireless Software
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6726 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tririga Application Platform
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-7336 LOW PATCH Monitor

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a. Rated low severity (CVSS 1.9).

Denial Of Service Libvirt Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy