Skip to main content
CVE-2014-5266 MEDIUM POC THREAT This Month

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.3%.

Denial Of Service WordPress Drupal Debian Linux
NVD
CVSS 2.0
5.0
EPSS
76.3%
Threat
4.8
CVE-2014-5207 MEDIUM POC PATCH This Month

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows. Rated medium severity (CVSS 6.2). Public exploit code available.

Denial Of Service Privilege Escalation Linux Linux Kernel Ubuntu Linux
NVD Exploit-DB GitHub
CVSS 2.0
6.2
EPSS
0.2%
CVE-2014-2388 MEDIUM POC This Month

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Blackberry Os Q10 Q5 Z10 +1
NVD
CVSS 2.0
6.1
EPSS
0.3%
CVE-2014-5203 HIGH PATCH This Week

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE WordPress PHP
NVD
CVSS 2.0
7.5
EPSS
6.9%
CVE-2014-5206 HIGH PATCH This Week

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-5204 MEDIUM PATCH This Month

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress PHP Debian Linux
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5205 MEDIUM PATCH This Month

wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF WordPress PHP
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-5265 MEDIUM PATCH This Month

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service WordPress Drupal Debian Linux
NVD
CVSS 2.0
5.0
EPSS
7.0%
CVE-2014-1469 MEDIUM PATCH This Month

BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Blackberry Enterprise Service Enterprise Server Enterprise Server Express
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-5240 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS WordPress PHP Debian Linux
NVD
CVSS 2.0
2.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy