Skip to main content
CVE-2014-7284 MEDIUM POC PATCH This Month

The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Intel Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 2.0
6.4
EPSS
1.0%
CVE-2014-7297 CRITICAL PATCH Act Now

Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure Enfold
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2014-7970 MEDIUM POC PATCH This Month

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Suse Linux Enterprise Server Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2014-7283 MEDIUM POC PATCH This Month

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Mrg Realtime
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-8086 MEDIUM POC PATCH This Month

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a. Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Race Condition Linux Linux Kernel Suse Linux Enterprise Server
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2014-7975 MEDIUM PATCH This Month

The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-1572 MEDIUM PATCH This Month

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Fedora Bugzilla
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-3091 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1573 MEDIUM PATCH This Month

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fedora Bugzilla
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-8747 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Drupal Commons module 7.x-3.x before 7.x-3.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Commons
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-1571 MEDIUM PATCH This Month

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Bugzilla Fedora
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-8745 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy". Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Custom Search Module
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-8744 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Nivo Slider
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-8748 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Google Doubleclick For Publishers
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-8746 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Skeleton Theme
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-8743 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Maestro
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy