Skip to main content
CVE-2014-0325 CRITICAL Emergency

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
35.9%
CVE-2014-3538 MEDIUM POC PATCH THREAT This Month

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.0%.

Denial Of Service File PHP Debian Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
21.0%
CVE-2014-0247 CRITICAL Act Now

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fedora Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 2.0
10.0
EPSS
6.6%
CVE-2014-4718 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF PHP Lunar Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-4717 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Simple Share Buttons Adder
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-4716 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Twg87Ouir
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3920 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Kanboard
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3857 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Control
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.6%
CVE-2014-0477 MEDIUM POC PATCH This Month

The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Fedora
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-4608 HIGH PATCH This Week

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Linux Buffer Overflow Linux Kernel +4
NVD GitHub
CVSS 3.1
7.3
EPSS
8.6%
CVE-2014-4719 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS User Friendly Svn
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4195 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the article_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Zerocms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4667 MEDIUM PATCH This Month

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.1%.

Denial Of Service Linux Linux Kernel Linux Enterprise Desktop Linux Enterprise Real Time Extension +3
NVD GitHub
CVSS 2.0
5.0
EPSS
14.1%
CVE-2014-4672 HIGH PATCH This Week

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Yiiframework
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-4611 MEDIUM This Month

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.1% and no vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 2.0
5.0
EPSS
10.1%
CVE-2014-4168 MEDIUM This Month

(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Iodine
NVD GitHub
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-4715 MEDIUM This Month

Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Lz4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4655 MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Linux Linux Kernel Linux Enterprise Server +1
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-4656 MEDIUM PATCH This Month

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel Linux Enterprise Server +7
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4654 MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4653 MEDIUM PATCH This Month

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2965 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Spamtitan
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-3497 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Swift
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4002 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Opensuse Cacti
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3149 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Invision Power Board Ip Nexus
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4652 LOW PATCH Monitor

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users. Rated low severity (CVSS 1.9).

Information Disclosure Race Condition Linux Linux Kernel Linux Enterprise Server +4
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy