Skip to main content
CVE-2014-5458 HIGH POC This Week

SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Sqrl
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-5453 HIGH POC This Week

Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Uplay Pc
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
1.1%
CVE-2014-5335 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Innovaphone Pbx
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-5455 MEDIUM POC This Month

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft
NVD Exploit-DB GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2014-2216 HIGH This Week

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Fortinet Fortios
NVD
CVSS 2.0
7.5
EPSS
5.8%
CVE-2014-0973 HIGH PATCH This Week

The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Qualcomm Google Authentication Bypass Little Kernel Bootloader
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-4325 HIGH PATCH This Week

The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Qualcomm Google Authentication Bypass Little Kernel Bootloader
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-5454 MEDIUM This Month

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload Visual Analytics
NVD
CVSS 2.0
6.0
EPSS
1.4%
CVE-2014-3589 MEDIUM PATCH This Month

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Python Imaging Pillow Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-5253 MEDIUM PATCH This Month

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5251 MEDIUM PATCH This Month

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5252 MEDIUM PATCH This Month

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5356 MEDIUM PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Image Registry And Delivery Service Glance Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2014-5456 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Social Stats
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-5457 LOW Monitor

QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Qnap Privilege Escalation Ts 469U Firmware Ts 469U Ts Ec1679U Rp Firmware +5
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-0974 LOW PATCH Monitor

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other. Rated low severity (CVSS 1.9).

Qualcomm Privilege Escalation Google Little Kernel Bootloader
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy