Skip to main content
CVE-2014-1774 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.5%.

Denial Of Service Code Injection Buffer Overflow Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
26.5%
Threat
4.2
CVE-2014-2777 HIGH POC THREAT Act Now

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

RCE Code Injection Microsoft Internet Explorer
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
34.0%
Threat
4.0
CVE-2014-1817 CRITICAL PATCH Act Now

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4%.

Denial Of Service RCE Buffer Overflow Microsoft Windows 7 +8
NVD
CVSS 2.0
9.3
EPSS
44.4%
CVE-2014-1818 CRITICAL PATCH Act Now

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 42.4%.

RCE Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
9.3
EPSS
42.4%
CVE-2014-2778 CRITICAL Emergency

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 40.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Office Compatibility Pack +1
NVD
CVSS 2.0
9.3
EPSS
40.4%
CVE-2014-1777 MEDIUM POC THREAT This Month

Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 36.3%.

Information Disclosure Microsoft Internet Explorer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
36.3%
CVE-2014-1778 MEDIUM POC THREAT This Month

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.7%.

Privilege Escalation Microsoft Internet Explorer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
22.7%
CVE-2014-4034 HIGH POC THREAT Act Now

SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

PHP SQLi Zerocms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
12.2%
CVE-2014-1771 MEDIUM POC THREAT This Month

SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.4%.

Information Disclosure Microsoft Internet Explorer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
13.4%
CVE-2014-2977 CRITICAL Act Now

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Opensuse Linux Enterprise Desktop +4
NVD
CVSS 2.0
10.0
EPSS
9.6%
CVE-2014-1811 MEDIUM PATCH This Month

The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.4%.

Denial Of Service Microsoft Windows 7 Windows 8 Windows 8 1 +5
NVD
CVSS 2.0
5.0
EPSS
33.4%
CVE-2014-2978 CRITICAL Act Now

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Directfb Opensuse +4
NVD
CVSS 2.0
10.0
EPSS
8.1%
CVE-2014-0296 MEDIUM PATCH This Month

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 29.9%.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +1
NVD
CVSS 2.0
5.1
EPSS
29.9%
CVE-2014-3911 CRITICAL PATCH Act Now

Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Samsung Code Injection Ipolis Device Manager
NVD
CVSS 2.0
9.3
EPSS
8.4%
CVE-2014-3915 CRITICAL Act Now

The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Rocket Servergraph
NVD
CVSS 2.0
10.0
EPSS
4.6%
CVE-2014-0536 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +3
NVD
CVSS 2.0
10.0
EPSS
4.2%
CVE-2014-3850 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Member Approval
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-1537 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox
NVD
CVSS 2.0
10.0
EPSS
3.3%
CVE-2014-1533 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
10.0
EPSS
3.2%
CVE-2014-1545 CRITICAL Act Now

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Netscape Portable Runtime
NVD
CVSS 2.0
10.0
EPSS
2.9%
CVE-2014-1538 CRITICAL Act Now

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +2
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2014-1534 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2014-1541 CRITICAL Act Now

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Thunderbird +2
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2014-1536 CRITICAL Act Now

The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2014-1823 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 28.4% and no vendor patch available.

XSS Microsoft Lync Server
NVD
CVSS 2.0
4.3
EPSS
28.4%
CVE-2014-3781 MEDIUM POC This Month

The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Dotclear
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-1540 CRITICAL Act Now

Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox
NVD
CVSS 2.0
9.3
EPSS
1.0%
CVE-2014-3004 MEDIUM POC PATCH This Month

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XXE Castor Opensuse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.6%
CVE-2014-4035 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Advance Hotel Booking System
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.9%
CVE-2014-4033 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Efront
NVD Exploit-DB GitHub
CVSS 2.0
4.3
EPSS
2.2%
CVE-2014-0535 HIGH PATCH This Week

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Adobe Privilege Escalation Microsoft Adobe Air Sdk Adobe Air +1
NVD
CVSS 2.0
7.5
EPSS
6.1%
CVE-2014-4037 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Fckeditor
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4032 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Fiyo Cms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4036 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Impresscms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1543 HIGH This Week

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2014-3157 HIGH This Week

Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
7.5
EPSS
2.9%
CVE-2014-3156 HIGH This Week

Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2014-0534 HIGH PATCH This Week

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Adobe Privilege Escalation Microsoft Flash Player Adobe Air +1
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2014-3154 HIGH This Week

Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-1542 MEDIUM This Month

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Opensuse Firefox +1
NVD
CVSS 2.0
6.8
EPSS
4.7%
CVE-2014-3970 LOW POC Monitor

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an. Rated low severity (CVSS 2.9). Public exploit code available and no vendor patch available.

Denial Of Service Pulseaudio
NVD
CVSS 2.0
2.9
EPSS
0.5%
CVE-2014-1816 MEDIUM This Month

Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.9% and no vendor patch available.

Privilege Escalation Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
10.9%
CVE-2014-3782 MEDIUM This Month

Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE PHP Dotclear
NVD
CVSS 2.0
6.0
EPSS
0.8%
CVE-2014-3155 MEDIUM This Month

net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2014-1539 MEDIUM This Month

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-0532 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Adobe Microsoft Adobe Air Sdk Adobe Air +1
NVD
CVSS 2.0
4.3
EPSS
3.6%
CVE-2014-3980 MEDIUM This Month

libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libfep
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0533 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Adobe Microsoft Flash Player Adobe Air Sdk +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-0531 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Adobe Microsoft Adobe Air Flash Player +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-0249 LOW Monitor

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD
CVSS 2.0
3.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy