Skip to main content
CVE-2014-3110 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Honeywell Falcon Xlweb Linux Controller Falcon Xlweb Xlwebexe
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.4%
CVE-2014-5024 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sonicwall Dell Analyzer Global Management System +1
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2014-1419 MEDIUM This Month

Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.9). No vendor patch available.

Race Condition Information Disclosure Acpi Support Ubuntu Linux
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-4686 MEDIUM This Month

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3322 MEDIUM This Month

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr Asr 9000 Rsp440 Router +6
NVD
CVSS 2.0
6.1
EPSS
0.6%
CVE-2014-4684 MEDIUM This Month

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-2360 MEDIUM This Month

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sensor Wireless I O Module Wio Dh2 Wireless Gateway
NVD
CVSS 2.0
5.0
EPSS
2.2%
CVE-2014-5015 MEDIUM PATCH This Month

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Bozohttpd Netbsd
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4682 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4683 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-4910 MEDIUM This Month

Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Intel Xf86 Video Intel
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2014-2369 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Ns Series System Program Firmware Ns10 Hmi Terminal Ns12 Hmi Terminal Ns15 Hmi Terminal +2
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4685 MEDIUM This Month

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2968 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Huawei E355 Web Ui E355 Firmware E355
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2370 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ns Series System Program Firmware Ns10 Hmi Terminal Ns12 Hmi Terminal Ns15 Hmi Terminal +2
NVD
CVSS 2.0
4.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy