Skip to main content
CVE-2014-0226 MEDIUM POC PATCH THREAT This Month

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.4%.

Race Condition Denial Of Service Buffer Overflow RCE Apache +6
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
75.4%
Threat
5.1
CVE-2014-0117 MEDIUM PATCH This Month

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.0%.

Denial Of Service Apache Http Server Mac Os X Apache HTTP Server
NVD
CVSS 2.0
4.3
EPSS
57.0%
CVE-2014-0231 MEDIUM PATCH This Month

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.2%.

Denial Of Service Apache Http Server Apache HTTP Server
NVD
CVSS 2.0
5.0
EPSS
44.2%
CVE-2014-0118 MEDIUM PATCH This Month

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.3%.

Denial Of Service Apache Http Server Debian Linux Jboss Enterprise Application Platform +1
NVD
CVSS 2.0
4.3
EPSS
41.3%
CVE-2014-3523 MEDIUM PATCH This Month

Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 35.2%.

Apache Denial Of Service Microsoft Http Server Apache HTTP Server
NVD
CVSS 2.0
5.0
EPSS
35.2%
CVE-2013-4352 MEDIUM This Month

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.4% and no vendor patch available.

Denial Of Service Apache Http Server Apache HTTP Server
NVD
CVSS 2.0
4.3
EPSS
24.4%
CVE-2014-4341 MEDIUM PATCH This Month

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.5%.

Denial Of Service Information Disclosure Buffer Overflow Kerberos 5 Enterprise Linux Desktop +8
NVD GitHub
CVSS 2.0
5.0
EPSS
14.5%
CVE-2014-3160 MEDIUM This Month

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Debian Linux Chrome
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-4342 MEDIUM PATCH This Month

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Debian Linux Kerberos Kerberos 5 +4
NVD GitHub
CVSS 2.0
5.0
EPSS
8.1%
CVE-2014-3159 MEDIUM This Month

The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-3162 MEDIUM This Month

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1973 MEDIUM This Month

Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google File Explorer
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3892 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Meridian
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3894 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Multifunctional Mailform Free
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3885 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Webmin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3884 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Usermin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1993 MEDIUM This Month

The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Garoon
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4987 MEDIUM This Month

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy