Skip to main content
CVE-2014-4199 MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure VMware Tools Vm Support Workstation
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2014-4619 CRITICAL Act Now

EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Rsa Identity Management And Governance
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2014-4200 MEDIUM POC This Month

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation VMware Tools Vm Support Workstation
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2014-2380 HIGH This Week

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Information Server
NVD GitHub
CVSS 2.0
7.8
EPSS
0.1%
CVE-2014-5397 HIGH This Week

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schneider Electric Wonderware Information Server
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-5399 HIGH This Week

SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric SQLi Wonderware Information Server
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-0761 HIGH This Week

The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Epaq 9410 Substation Gateway
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2014-3347 MEDIUM This Month

Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service iOS 1801 Integrated Service Router +6
NVD
CVSS 2.0
5.4
EPSS
0.4%
CVE-2014-3345 MEDIUM This Month

The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Transport Gateway Installation Software
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0762 MEDIUM This Month

The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Epaq 9410 Substation Gateway
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-3344 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Transport Gateway Installation Software
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-5398 LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric XXE Denial Of Service Wonderware Information Server
NVD GitHub
CVSS 2.0
2.1
EPSS
0.3%
CVE-2014-2381 LOW Monitor

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Information Server
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy