Skip to main content
CVE-2014-7205 CRITICAL POC PATCH THREAT Act Now

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.2%.

RCE Node.js Code Injection Bassmaster
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
84.2%
Threat
6.0
CVE-2014-5308 CRITICAL POC THREAT Emergency

Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.0%.

PHP SQLi Testlink
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
17.0%
CVE-2014-7981 HIGH POC THREAT Act Now

SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%.

SQLi Joomla
NVD
CVSS 2.0
7.5
EPSS
14.3%
CVE-2014-6394 HIGH POC PATCH This Week

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Node.js Fedora Xcode Node Js
NVD GitHub
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-5300 MEDIUM POC THREAT This Month

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Authentication Bypass Moab
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-3188 CRITICAL Act Now

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Google Code Injection Chrome Os Chrome +4
NVD
CVSS 2.0
10.0
EPSS
3.4%
CVE-2014-7185 MEDIUM POC This Month

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
CVSS 2.0
6.4
EPSS
1.1%
CVE-2014-5376 MEDIUM POC This Month

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moab
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-5375 MEDIUM POC This Month

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moab
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3200 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +2
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-3192 HIGH This Week

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Enterprise Linux Desktop Supplementary +8
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-3193 HIGH This Week

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3191 HIGH This Week

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +4
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3190 HIGH This Week

Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +4
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-3189 HIGH This Week

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Google Chrome +4
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-3194 HIGH This Week

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-3196 HIGH This Week

base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Microsoft Chrome
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-7984 HIGH This Week

Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Joomla
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-7299 HIGH This Week

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-7967 HIGH This Week

Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome V8
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2014-6632 HIGH This Week

Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2014-7296 MEDIUM This Month

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection Spagobi
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-3187 MEDIUM This Month

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apple Google Chrome Iphone Os
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-7273 MEDIUM This Month

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Getmail
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-7231 LOW POC PATCH Monitor

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cinder Nova Trove Openstack
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-7275 MEDIUM This Month

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Getmail
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-7274 MEDIUM This Month

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Getmail
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-3199 MEDIUM This Month

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3198 MEDIUM This Month

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3195 MEDIUM This Month

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +2
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3197 MEDIUM This Month

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Google Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7229 MEDIUM This Month

Unspecified vulnerability in Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Joomla
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-7203 MEDIUM This Month

libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Zeromq
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-7202 MEDIUM This Month

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Zeromq
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-7983 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in com_contact in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-6631 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in com_media in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-7982 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-3641 MEDIUM PATCH This Month

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cinder
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-7980 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Zen
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7979 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Simplecorp
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7978 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Bluemasters
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7230 LOW Monitor

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cinder Nova Trove Openstack +1
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy