Skip to main content
CVE-2014-3524 CRITICAL Act Now

Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

Command Injection Apache Openoffice Libreoffice
NVD
CVSS 2.0
9.3
EPSS
10.7%
CVE-2014-2527 MEDIUM POC PATCH This Month

kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Kdirstat Opensuse
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-2528 MEDIUM POC PATCH This Month

kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Kdirstat Opensuse
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-5336 MEDIUM POC PATCH This Month

Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Monkey
NVD GitHub
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-0483 LOW POC PATCH Monitor

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Python Privilege Escalation Opensuse Django
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-5307 HIGH This Week

Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Panda Av Pro 2014 Panda Global Protection 2014 Panda Internet Security 2014 pandas
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-5035 MEDIUM This Month

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XXE Opendaylight
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-5263 MEDIUM PATCH This Month

vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qemu
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-3061 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Emptoris Spend Analysis
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3907 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Mailpoet Newsletters
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3041 MEDIUM This Month

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Emptoris Contract Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-0482 MEDIUM PATCH This Month

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Opensuse Django
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2014-3040 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Emptoris Spend Analysis Emptoris Sourcing Portfolio +1
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2014-0480 MEDIUM PATCH This Month

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Opensuse Django
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-4790 MEDIUM PATCH This Month

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

IBM Privilege Escalation Emptoris Spend Analysis Emptoris Sourcing Portfolio
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-3335 MEDIUM This Month

Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 4.6). No vendor patch available.

Apple Cisco Denial Of Service Ios Xr Asr 9000 Rsp440 Router +6
NVD
CVSS 2.0
4.6
EPSS
0.5%
CVE-2014-0481 MEDIUM PATCH This Month

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Python File Upload Opensuse Django +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-3035 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Emptoris Spend Analysis
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3034 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Emptoris Contract Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3033 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Emptoris Sourcing Portfolio
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6335 LOW Monitor

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and. Rated low severity (CVSS 3.3). No vendor patch available.

IBM HP Authentication Bypass Tivoli Storage Manager
NVD
CVSS 2.0
3.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy