Skip to main content
CVE-2014-4072 MEDIUM This Month

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 39.6% and no vendor patch available.

Denial Of Service Microsoft Net Framework
NVD
CVSS 2.0
5.0
EPSS
39.6%
CVE-2014-4071 MEDIUM This Month

The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.1% and no vendor patch available.

Denial Of Service Microsoft Lync Server
NVD
CVSS 2.0
5.0
EPSS
31.1%
CVE-2014-4068 MEDIUM This Month

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.1% and no vendor patch available.

Denial Of Service Microsoft Lync Server
NVD
CVSS 2.0
5.0
EPSS
31.1%
CVE-2014-4865 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Cacheguardos
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-4070 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.3% and no vendor patch available.

XSS Information Disclosure Microsoft Lync Server
NVD
CVSS 2.0
4.3
EPSS
18.3%
CVE-2014-4789 MEDIUM PATCH This Month

Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Information Disclosure Session Fixation Initiate Master Data Service
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-4783 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Initiate Master Data Service
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3037 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM XSS CSRF Rational Rhapsody Design Manager Rational Engineering Lifecycle Manager +1
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-4785 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

IBM XSS CSRF Initiate Master Data Service
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-5862 MEDIUM This Month

The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Ecalendar2
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5861 MEDIUM This Month

The BoyAhoy - Gay Chat (aka com.boyahoy.android) application 4.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Boyahoy Gay Chat
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5859 MEDIUM This Month

The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Java Star Girl
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5858 MEDIUM This Month

The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Candy Blast
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5857 MEDIUM This Month

The White & Yellow Pages (aka com.avantar.wny) application 5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure White Yellow Pages
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-0351 MEDIUM This Month

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5860 MEDIUM This Month

The Slide Show Creator (aka com.amem) application 4.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Slide Show Creator
NVD
CVSS 2.0
5.4
EPSS
0.0%
CVE-2014-3348 MEDIUM This Month

The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Integrated Management Controller Unified Computing System E140D Unified Computing System E140Dp +5
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-0909 MEDIUM PATCH This Month

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational License Key Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4788 MEDIUM PATCH This Month

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Initiate Master Data Service
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4786 MEDIUM PATCH This Month

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

IBM Privilege Escalation Initiate Master Data Service
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-3343 MEDIUM This Month

Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-4784 MEDIUM PATCH This Month

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Privilege Escalation Initiate Master Data Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6074 MEDIUM PATCH This Month

IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy