Skip to main content
CVE-2014-1814 HIGH PATCH This Week

The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
7.2
EPSS
2.5%
CVE-2014-5202 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Compfight
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2014-1819 HIGH PATCH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
7.2
EPSS
1.5%
CVE-2014-4062 MEDIUM This Month

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.0% and no vendor patch available.

Privilege Escalation Microsoft Net Framework
NVD
CVSS 2.0
4.3
EPSS
15.0%
CVE-2014-3072 HIGH PATCH This Week

Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-3337 MEDIUM This Month

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-5199 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress File Upload Wordpress File Upload
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3339 MEDIUM This Month

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Domain Manager Unified Presence Server
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-4760 MEDIUM PATCH This Month

Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 before 8.0.0.1 CF13, and 8.5.0 before CF01 allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

IBM Open Redirect Websphere Portal
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4064 MEDIUM PATCH This Month

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
4.9
EPSS
2.4%
CVE-2014-4746 MEDIUM PATCH This Month

IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 provides different error codes for firewall-traversal requests depending on whether the intranet host exists, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Portal
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-7395 MEDIUM This Month

ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Monitor Defibrillator
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-2631 MEDIUM This Month

Unspecified vulnerability in HP Application Lifecycle Management (aka Quality Center) 11.5x and 12.0x allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2138. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Application Lifecycle Management
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-3899 MEDIUM This Month

Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to cause a denial of service (launch outage) via a crafted image file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Gom Player
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3251 MEDIUM This Month

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which. Rated medium severity (CVSS 4.4). No vendor patch available.

Race Condition Authentication Bypass Puppet Enterprise Mcollective
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2014-5198 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Splunk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4751 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Security Access Manager For Mobile
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0953 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, and 8.0.0 before 8.0.0.1 CF12 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Portal
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-5197 MEDIUM PATCH This Month

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Splunk
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-2629 MEDIUM This Month

HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Privilege Escalation Nonstop Safeguard Security
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2628 MEDIUM This Month

Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Enterprise Maps
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5433 MEDIUM PATCH This Month

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Infosphere Optim Data Growth Solution For Siebel Crm
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3031 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 4.2.0 before 4.2.0.0 IF12 and 4.2.1 before 4.2.1.3 IF9 allows remote authenticated users to inject arbitrary web script. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Tivoli Business Service Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3102 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Websphere Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3069 LOW PATCH Monitor

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Code Injection Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4757 LOW PATCH Monitor

The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Privilege Escalation Microsoft Content Collector
NVD
CVSS 2.0
2.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy