Skip to main content
CVE-2014-4502 CRITICAL POC PATCH Act Now

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Bfgminer Sgminer
NVD GitHub
CVSS 2.0
10.0
EPSS
0.5%
CVE-2014-4501 CRITICAL POC PATCH Act Now

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Sgminer Cgminer Bfgminer
NVD GitHub
CVSS 2.0
10.0
EPSS
0.2%
CVE-2014-3939 CRITICAL Act Now

Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.5% and no vendor patch available.

RCE Buffer Overflow Sketchbook Pro
NVD
CVSS 2.0
9.3
EPSS
11.5%
CVE-2014-3938 CRITICAL Act Now

Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.5% and no vendor patch available.

RCE Buffer Overflow Sketchbook Pro
NVD
CVSS 2.0
9.3
EPSS
10.5%
CVE-2014-1551 CRITICAL Act Now

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Microsoft Firefox Firefox Esr +1
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2014-1550 CRITICAL Act Now

Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
10.0
EPSS
3.8%
CVE-2014-1548 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
10.0
EPSS
3.2%
CVE-2014-1547 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +2
NVD
CVSS 2.0
10.0
EPSS
2.2%
CVE-2014-1544 CRITICAL Act Now

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Network Security Services +1
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2014-1555 CRITICAL Act Now

Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla RCE Firefox Firefox Esr Thunderbird
NVD
CVSS 2.0
9.3
EPSS
3.4%
CVE-2014-1549 CRITICAL Act Now

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +1
NVD
CVSS 2.0
9.3
EPSS
3.1%
CVE-2014-1557 CRITICAL Act Now

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection Solaris Firefox +3
NVD
CVSS 2.0
9.3
EPSS
2.4%
CVE-2014-1556 CRITICAL Act Now

Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection Firefox Firefox Esr +1
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2014-4980 MEDIUM POC This Month

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nessus Web Ui
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-4503 MEDIUM POC PATCH This Month

The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Sgminer Cgminer
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1561 MEDIUM This Month

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Firefox Solaris
NVD
CVSS 2.0
5.8
EPSS
0.8%
CVE-2014-1552 MEDIUM This Month

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Firefox Thunderbird
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1560 MEDIUM This Month

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Firefox Thunderbird
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1559 MEDIUM This Month

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Firefox Thunderbird
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1558 MEDIUM This Month

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Firefox Thunderbird
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3555 MEDIUM This Month

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Neutron
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2014-3537 LOW Monitor

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Cups Ubuntu Linux Fedora
NVD
CVSS 2.0
1.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy