Skip to main content
CVE-2014-3977 MEDIUM POC This Month

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

IBM Information Disclosure Vios Aix
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-2507 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
1.7%
CVE-2014-2506 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
1.0%
CVE-2014-2508 HIGH This Week

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Documentum Content Server
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-0929 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Connections
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-0961 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Security Identity Manager Tivoli Identity Manager
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-3048 MEDIUM This Month

Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. Rated medium severity (CVSS 6.0). No vendor patch available.

IBM Information Disclosure System Storage Virtualization Engine Ts7700 Firmware System Storage Virtualization Engine Ts7700
NVD
CVSS 2.0
6.0
EPSS
0.0%
CVE-2014-3291 MEDIUM This Month

Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data. Rated medium severity (CVSS 5.7). No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller
NVD
CVSS 2.0
5.7
EPSS
0.5%
CVE-2014-3286 MEDIUM This Month

The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3281 MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3278 MEDIUM This Month

The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0936 MEDIUM This Month

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows. Rated medium severity (CVSS 4.3). No vendor patch available.

IBM Privilege Escalation Security Appscan Source
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3036 MEDIUM This Month

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Api Management
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3038 LOW Monitor

IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Spss Modeler
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-3981 LOW PATCH Monitor

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. Rated low severity (CVSS 3.3).

PHP Information Disclosure
NVD
CVSS 2.0
3.3
EPSS
0.3%
CVE-2014-3986 LOW Monitor

include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Lynis
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3982 LOW PATCH Monitor

include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file. Rated low severity (CVSS 3.3).

Information Disclosure Lynis
NVD
CVSS 2.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy