Skip to main content
CVE-2014-0553 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Google RCE Microsoft Adobe Air Sdk +4
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2014-4070 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.3% and no vendor patch available.

XSS Information Disclosure Microsoft Lync Server
NVD
CVSS 2.0
4.3
EPSS
18.3%
CVE-2014-3178 HIGH This Week

Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-0548 HIGH PATCH This Week

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Adobe Privilege Escalation Google Microsoft Adobe Air +2
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-3179 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-4074 HIGH PATCH This Week

The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 8 Windows 8 1 Windows Rt +2
NVD
CVSS 2.0
7.2
EPSS
1.7%
CVE-2014-4789 MEDIUM PATCH This Month

Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Information Disclosure Session Fixation Initiate Master Data Service
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-4783 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Initiate Master Data Service
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3037 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM XSS CSRF Rational Rhapsody Design Manager Rational Engineering Lifecycle Manager +1
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-4785 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM XSS CSRF Initiate Master Data Service
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-5862 MEDIUM This Month

The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ecalendar2
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5861 MEDIUM This Month

The BoyAhoy - Gay Chat (aka com.boyahoy.android) application 4.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Boyahoy Gay Chat
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5859 MEDIUM This Month

The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Java Star Girl
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5858 MEDIUM This Month

The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Candy Blast
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5857 MEDIUM This Month

The White & Yellow Pages (aka com.avantar.wny) application 5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure White Yellow Pages
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-0351 MEDIUM This Month

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5860 MEDIUM This Month

The Slide Show Creator (aka com.amem) application 4.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slide Show Creator
NVD
CVSS 2.0
5.4
EPSS
0.0%
CVE-2014-3348 MEDIUM This Month

The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Integrated Management Controller Unified Computing System E140D Unified Computing System E140Dp +5
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-0909 MEDIUM PATCH This Month

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational License Key Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4788 MEDIUM PATCH This Month

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Initiate Master Data Service
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4786 MEDIUM PATCH This Month

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

IBM Privilege Escalation Initiate Master Data Service
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-3343 MEDIUM This Month

Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-4784 MEDIUM PATCH This Month

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Privilege Escalation Initiate Master Data Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6074 MEDIUM PATCH This Month

IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4756 LOW PATCH Monitor

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Rational License Key Server
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-4787 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Initiate Master Data Service
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-5313 LOW Monitor

Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Movabletype
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4864 LOW Monitor

The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear Authentication Bypass Prosafe Firmware
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-3079 LOW PATCH Monitor

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

IBM Privilege Escalation Rational License Key Server
NVD
CVSS 2.0
2.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy