Skip to main content
CVE-2014-0195 MEDIUM POC PATCH THREAT This Month

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.8%.

OpenSSL Denial Of Service RCE Buffer Overflow MariaDB +3
NVD GitHub
CVSS 2.0
6.8
EPSS
92.8%
Threat
5.6
CVE-2014-0224 HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Web Server +12
NVD
CVSS 3.1
7.4
EPSS
89.7%
Threat
5.7
CVE-2014-3470 MEDIUM PATCH This Month

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 91.4%.

OpenSSL Denial Of Service Null Pointer Dereference Storage Fedora +8
NVD
CVSS 2.0
4.3
EPSS
91.4%
CVE-2014-0221 MEDIUM PATCH This Month

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 82.1%.

Denial Of Service OpenSSL Storage Fedora Enterprise Linux +7
NVD
CVSS 2.0
4.3
EPSS
82.1%
CVE-2014-3976 MEDIUM POC THREAT This Month

Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.5%.

Denial Of Service RCE Buffer Overflow Advanced Core Operating System
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
33.5%
CVE-2014-3912 CRITICAL PATCH Act Now

Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.3%.

RCE Samsung Buffer Overflow Ipolis Device Manager
NVD
CVSS 2.0
9.3
EPSS
12.3%
CVE-2014-3975 MEDIUM POC THREAT This Month

Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.7%.

Path Traversal PHP Auracms
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.7%
CVE-2014-3973 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Frontaccounting
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3739 MEDIUM POC THREAT This Month

Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Path Traversal PHP Network Weathermap
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
10.2%
CVE-2013-0733 CRITICAL Act Now

Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Paintshop Pro X5 Paintshop Pro X6
NVD
CVSS 2.0
9.3
EPSS
7.4%
CVE-2013-2618 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Network Weathermap
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.7%
CVE-2014-3468 HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 Virtualization Debian Linux +11
NVD
CVSS 2.0
7.5
EPSS
10.7%
CVE-2014-3974 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Auracms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.7%
CVE-2012-4728 MEDIUM POC This Month

The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Quattro Pro X6
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-2577 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Transform Foundation Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4860 HIGH This Week

Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ct50 Firmware Ct50 Ct80 Firmware Ct80
NVD
CVSS 2.0
8.3
EPSS
0.4%
CVE-2014-3878 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Imail Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2130 MEDIUM POC PATCH This Month

ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Znc
NVD GitHub
CVSS 2.0
4.0
EPSS
1.1%
CVE-2014-1997 HIGH This Week

The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cn8000 Firmware Cn8000
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-2051 HIGH PATCH This Week

ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-3969 HIGH PATCH This Week

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. Rated high severity (CVSS 7.4).

Privilege Escalation Xen
NVD
CVSS 2.0
7.4
EPSS
0.2%
CVE-2014-2345 HIGH This Week

COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Zenon Dnp3 Ng Driver Zenon Dnp3 Process Gateway
NVD
CVSS 2.0
7.1
EPSS
0.9%
CVE-2014-3469 MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls Libtasn1 Virtualization +11
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-3467 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Libtasn1 Virtualization +12
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2014-3968 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-3967 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2013-0302 MEDIUM This Month

Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Owncloud Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1998 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Soy Cms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0304 MEDIUM This Month

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2346 MEDIUM This Month

COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate. Rated medium severity (CVSS 4.0). No vendor patch available.

Denial Of Service Zenon Dnp3 Ng Driver Zenon Dnp3 Process Gateway
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-3940 MEDIUM This Month

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing. Rated medium severity (CVSS 4.0). No vendor patch available.

Denial Of Service Race Condition Linux Buffer Overflow Enterprise Linux +2
NVD
CVSS 2.0
4.0
EPSS
0.0%
CVE-2014-3917 LOW Monitor

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel. Rated low severity (CVSS 3.3). No vendor patch available.

Denial Of Service Linux Information Disclosure Linux Enterprise Desktop Enterprise Linux +2
NVD
CVSS 2.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy