Skip to main content
CVE-2014-4122 MEDIUM This Month

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.1% and no vendor patch available.

Privilege Escalation Microsoft Net Framework
NVD
CVSS 2.0
4.3
EPSS
41.1%
CVE-2014-6312 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Login Widget With Shortcode
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2014-4124 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
8.4%
CVE-2014-6506 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.8
EPSS
7.7%
CVE-2014-4075 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 18.6% and no vendor patch available.

XSS Microsoft Asp Net Model View Controller
NVD
CVSS 2.0
4.3
EPSS
18.6%
CVE-2014-4140 MEDIUM This Month

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.1% and no vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
15.1%
CVE-2014-6469 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB MySQL Solaris +4
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-6533 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Supply Chain Products Suite
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-2576 MEDIUM This Month

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Claws Mail Opensuse
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-6458 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-6466 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-6499 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-6529 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver. Rated medium severity (CVSS 6.8).

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-6468 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-0570 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Adobe CSRF Coldfusion
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-6470 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
6.8
EPSS
0.0%
CVE-2014-8750 MEDIUM This Month

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Race Condition VMware Nova
NVD
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-1577 MEDIUM This Month

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox Thunderbird
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-6555 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB MySQL Linux Enterprise Desktop +3
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-6530 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +4
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6537 MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6553 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-6465 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Communications Applications
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2014-6457 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Epss exploitation probability 10.6%.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD
CVSS 2.0
4.0
EPSS
10.6%
CVE-2014-6483 MEDIUM PATCH This Month

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Information Disclosure Oracle Database Server
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-3593 MEDIUM This Month

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE Python Code Injection Luci
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2014-6476 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
4.6%
CVE-2014-6535 MEDIUM PATCH This Month

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Peoplesoft Products
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-6489 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL MariaDB
NVD
CVSS 2.0
5.5
EPSS
0.7%
CVE-2014-6519 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2014-6515 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2014-6517 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2014-6554 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-6511 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2014-6504 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2014-6952 MEDIUM This Month

The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Manga Facts
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6951 MEDIUM This Month

The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Onefile Ignite
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6950 MEDIUM This Month

The Mt. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mt Airy News
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6949 MEDIUM This Month

The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Akne Ernahrung
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6948 MEDIUM This Month

The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Th3 Professional Al Mohtarif
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6947 MEDIUM This Month

The Archie Comics (aka com.iversecomics.archie.android) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Archie Comics
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6946 MEDIUM This Month

The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Re
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6945 MEDIUM This Month

The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Neeku Naaku Dash Dash
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6944 MEDIUM This Month

The mitfahrgelegenheit.at (aka com.carpooling.android.at) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Mitfahrgelegenheit At
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6943 MEDIUM This Month

The Konigsleiten (aka com.knigsleiten) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Konigsleiten
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6942 MEDIUM This Month

The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Alisha Marie
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6459 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1583 MEDIUM This Month

The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-6490 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-2476 MEDIUM PATCH This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Virtualization
NVD
CVSS 2.0
5.0
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy