Skip to main content
CVE-2012-4988 CRITICAL POC THREAT Emergency

Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 34.9%.

RCE Buffer Overflow Xnview
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
34.9%
Threat
4.4
CVE-2014-3515 HIGH PATCH Act Now

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.7%.

RCE PHP Debian Linux
NVD
CVSS 2.0
7.5
EPSS
48.7%
CVE-2014-3478 MEDIUM POC PATCH THREAT This Month

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

Denial Of Service PHP Buffer Overflow File
NVD GitHub
CVSS 3.1
6.5
EPSS
25.3%
CVE-2014-4671 MEDIUM POC PATCH THREAT This Month

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 35.8%.

Adobe CSRF Google Microsoft Flash Player +2
NVD
CVSS 2.0
4.3
EPSS
35.8%
CVE-2014-4741 HIGH POC This Week

SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Xclassified
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-4194 HIGH POC This Week

SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zerocms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-4699 MEDIUM POC PATCH This Month

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows. Rated medium severity (CVSS 6.9). Public exploit code available.

Canonical Race Condition Denial Of Service Intel Linux +3
NVD Exploit-DB GitHub
CVSS 2.0
6.9
EPSS
1.1%
CVE-2014-4742 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Kajona
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4744 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Osticket
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4743 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kajona
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0207 MEDIUM PATCH This Month

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow File Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2014-3480 MEDIUM PATCH This Month

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 3.1
6.5
EPSS
8.1%
CVE-2014-0539 HIGH This Week

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Google Microsoft Adobe Air +2
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-0537 HIGH This Week

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Google Microsoft Adobe Air Sdk +2
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-3479 MEDIUM PATCH This Month

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.8%.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 2.0
4.3
EPSS
14.8%
CVE-2014-3487 MEDIUM PATCH This Month

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.5%.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 2.0
4.3
EPSS
14.5%
CVE-2014-3891 MEDIUM This Month

Buffer overflow in RimArts Becky!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Becky Internet Mail
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-3312 MEDIUM This Month

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or. Rated medium severity (CVSS 6.9). No vendor patch available.

Cisco Authentication Bypass Spa 301 1 Line Ip Phone Spa 303 3 Line Ip Phone Spa 501G 8 Line Ip Phone +13
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-3309 MEDIUM This Month

The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Cisco iOS Ios Xe
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3313 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Spa 301 1 Line Ip Phone Spa 303 3 Line Ip Phone Spa 501G 8 Line Ip Phone +13
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-4022 LOW Monitor

The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
2.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy