Skip to main content
CVE-2014-0224 HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Web Server +12
NVD
CVSS 3.1
7.4
EPSS
89.7%
Threat
5.7
CVE-2014-3973 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Frontaccounting
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3468 HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 Virtualization Debian Linux +11
NVD
CVSS 2.0
7.5
EPSS
10.7%
CVE-2013-4860 HIGH This Week

Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ct50 Firmware Ct50 Ct80 Firmware Ct80
NVD
CVSS 2.0
8.3
EPSS
0.4%
CVE-2014-1997 HIGH This Week

The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cn8000 Firmware Cn8000
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-2051 HIGH PATCH This Week

ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Owncloud Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-3969 HIGH PATCH This Week

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. Rated high severity (CVSS 7.4).

Privilege Escalation Xen
NVD
CVSS 2.0
7.4
EPSS
0.2%
CVE-2014-2345 HIGH This Week

COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Zenon Dnp3 Ng Driver Zenon Dnp3 Process Gateway
NVD
CVSS 2.0
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy