Skip to main content
CVE-2014-4927 HIGH POC THREAT Act Now

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Netgear D-Link Buffer Overflow Micro Httpd +4
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
17.5%
CVE-2014-4736 HIGH POC This Week

SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi E2
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-0607 CRITICAL Act Now

Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Verastream Process Designer
NVD
CVSS 2.0
10.0
EPSS
6.8%
CVE-2014-3110 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Honeywell Falcon Xlweb Linux Controller Falcon Xlweb Xlwebexe
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.4%
CVE-2014-5024 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell Analyzer Global Management System +1
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-2362 HIGH This Week

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Sensor Wireless I O Module Wio Dh2 Wireless Gateway
NVD
CVSS 2.0
7.8
EPSS
1.1%
CVE-2014-2717 HIGH This Week

Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Honeywell Authentication Bypass Falcon Xlweb Linux Controller Falcon Xlweb Xlwebexe
NVD
CVSS 2.0
7.6
EPSS
0.4%
CVE-2014-2361 HIGH This Week

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sensor Wireless I O Module Wio Dh2 Wireless Gateway
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-1419 MEDIUM This Month

Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Acpi Support Ubuntu Linux
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-4686 MEDIUM This Month

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3322 MEDIUM This Month

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr Asr 9000 Rsp440 Router +6
NVD
CVSS 2.0
6.1
EPSS
0.6%
CVE-2014-4684 MEDIUM This Month

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-2360 MEDIUM This Month

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sensor Wireless I O Module Wio Dh2 Wireless Gateway
NVD
CVSS 2.0
5.0
EPSS
2.2%
CVE-2014-5015 MEDIUM PATCH This Month

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Bozohttpd Netbsd
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4682 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4683 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-4910 MEDIUM This Month

Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Intel Xf86 Video Intel
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-2369 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Ns Series System Program Firmware Ns10 Hmi Terminal Ns12 Hmi Terminal Ns15 Hmi Terminal +2
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4685 MEDIUM This Month

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2968 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Huawei E355 Web Ui E355 Firmware E355
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2370 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ns Series System Program Firmware Ns10 Hmi Terminal Ns12 Hmi Terminal Ns15 Hmi Terminal +2
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-2971 LOW Monitor

Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Icomplaints
NVD
CVSS 2.0
3.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy