Skip to main content
CVE-2014-0226 MEDIUM POC PATCH THREAT This Month

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.4%.

Race Condition Denial Of Service Buffer Overflow RCE Apache +6
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
75.4%
Threat
5.1
CVE-2014-0117 MEDIUM PATCH This Month

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.0%.

Denial Of Service Apache Http Server Mac Os X Apache HTTP Server
NVD
CVSS 2.0
4.3
EPSS
57.0%
CVE-2014-0231 MEDIUM PATCH This Month

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.2%.

Denial Of Service Apache Http Server Apache HTTP Server
NVD
CVSS 2.0
5.0
EPSS
44.2%
CVE-2014-0118 MEDIUM PATCH This Month

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.3%.

Denial Of Service Apache Http Server Debian Linux Jboss Enterprise Application Platform +1
NVD
CVSS 2.0
4.3
EPSS
41.3%
CVE-2014-3523 MEDIUM PATCH This Month

Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 35.2%.

Apache Denial Of Service Microsoft Http Server Apache HTTP Server
NVD
CVSS 2.0
5.0
EPSS
35.2%
CVE-2014-1987 CRITICAL Act Now

The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Garoon
NVD
CVSS 2.0
10.0
EPSS
4.4%
CVE-2013-4352 MEDIUM This Month

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.4% and no vendor patch available.

Denial Of Service Apache Http Server Apache HTTP Server
NVD
CVSS 2.0
4.3
EPSS
24.4%
CVE-2014-1999 HIGH This Week

The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Fuelphp
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-4341 MEDIUM PATCH This Month

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.5%.

Denial Of Service Information Disclosure Buffer Overflow Kerberos 5 Enterprise Linux Desktop +8
NVD GitHub
CVSS 2.0
5.0
EPSS
14.5%
CVE-2014-1996 HIGH This Week

Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Denial Of Service Garoon
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3161 HIGH This Week

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-3160 MEDIUM This Month

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Debian Linux Chrome
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-4342 MEDIUM PATCH This Month

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Debian Linux Kerberos Kerberos 5 +4
NVD GitHub
CVSS 2.0
5.0
EPSS
8.1%
CVE-2014-3159 MEDIUM This Month

The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-3162 MEDIUM This Month

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1973 MEDIUM This Month

Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google File Explorer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3892 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Meridian
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3894 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Multifunctional Mailform Free
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3885 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Webmin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3884 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Usermin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1993 MEDIUM This Month

The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Garoon
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4987 MEDIUM This Month

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4986 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-4955 LOW Monitor

Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-4954 LOW Monitor

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phpmyadmin
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-1995 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Garoon
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-1994 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Garoon
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-1992 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Garoon
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3886 LOW Monitor

Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Webmin
NVD
CVSS 2.0
2.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy