Skip to main content
CVE-2014-5160 MEDIUM This Month

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

Path Traversal HP Data Protector
NVD
CVSS 2.0
6.4
EPSS
30.0%
CVE-2014-5045 MEDIUM POC PATCH This Month

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a. Rated medium severity (CVSS 6.2). Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Linux Eus Enterprise Linux Server Aus +1
NVD GitHub
CVSS 2.0
6.2
EPSS
0.0%
CVE-2014-5077 HIGH PATCH Act Now

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 12.8%.

Denial Of Service Linux Null Pointer Dereference Microsoft Linux Kernel +7
NVD GitHub
CVSS 2.0
7.1
EPSS
12.8%
CVE-2014-5163 MEDIUM POC This Month

The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-5165 MEDIUM POC This Month

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-5164 MEDIUM POC This Month

The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3534 HIGH PATCH This Week

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-0972 HIGH This Week

The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Linux Google Android Msm
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-3302 MEDIUM This Month

user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco PHP Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-2627 MEDIUM This Month

Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Nonstop Netbatch
NVD
CVSS 2.0
5.2
EPSS
0.2%
CVE-2014-5162 MEDIUM This Month

The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-5161 MEDIUM This Month

The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3009 LOW Monitor

The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Infosphere Master Data Management Server For Product Information Management Infosphere Master Data Management
NVD
CVSS 2.0
3.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy