Skip to main content
CVE-2014-4618 HIGH This Week

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
8.5
EPSS
1.0%
CVE-2014-2515 HIGH This Week

EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod,. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Documentum D2
NVD
CVSS 2.0
8.5
EPSS
1.0%
CVE-2014-5382 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Technik Microcontrol Firmware Technik Microcontrol
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3514 HIGH PATCH This Week

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Rails
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-4929 MEDIUM This Month

Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP Owncloud Server Owncloud
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-2518 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Digital Assets Manager Documentum Administrator Documentum Capital Projects Documentum Records Manager +5
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0641 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Rsa Archer Egrc
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-2517 MEDIUM This Month

Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rsa Archer Egrc
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-2521 MEDIUM This Month

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Documentum Content Server
NVD
CVSS 2.0
6.3
EPSS
0.4%
CVE-2014-2520 MEDIUM This Month

EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Oracle Documentum Content Server
NVD
CVSS 2.0
6.3
EPSS
0.4%
CVE-2014-2505 MEDIUM This Month

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. Rated medium severity (CVSS 5.4). No vendor patch available.

RCE Rsa Archer Egrc
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2014-3331 MEDIUM This Month

The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Asr 5000 Series Software
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2511 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Digital Assets Manager Documentum Administrator Documentum Capital Projects Documentum Webtop +4
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4749 MEDIUM This Month

IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Powervc
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3340 MEDIUM This Month

Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco PHP Webex Meetmenow
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-0640 MEDIUM This Month

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rsa Archer Egrc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2524 LOW PATCH Monitor

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. Rated low severity (CVSS 3.3).

Information Disclosure Mageia Readline Opensuse Fedora
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-4750 LOW Monitor

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network. Rated low severity (CVSS 2.9). No vendor patch available.

IBM Information Disclosure Powervc
NVD
CVSS 2.0
2.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy