Skip to main content
CVE-2014-4114 HIGH POC KEV PATCH THREAT Act Now

Windows OLE improperly handles objects in Office documents, allowing remote code execution through crafted OLE objects. Known as the 'Sandworm' attack vector, exploited by Russian APT groups from June through October 2014.

Microsoft RCE
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
92.1%
Threat
9.3
CVE-2014-4113 HIGH POC KEV PATCH THREAT Act Now

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB GitHub VulDB
CVSS 3.1
7.8
EPSS
82.4%
Threat
7.0
CVE-2014-4123 HIGH KEV PATCH THREAT Act Now

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 53.6%.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
53.6%
Threat
4.9
CVE-2014-4148 HIGH KEV PATCH THREAT Act Now

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 49.7%.

Code Injection Microsoft RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
49.7%
Threat
4.8
CVE-2014-1575 HIGH POC This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Privilege Escalation +1
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2014-8295 HIGH POC This Week

SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bacula Web
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-2022 HIGH POC This Week

SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP SQLi Vbulletin
NVD GitHub Exploit-DB
CVSS 2.0
7.1
EPSS
1.1%
CVE-2014-6493 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
7.6
EPSS
9.7%
CVE-2014-4288 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
7.6
EPSS
6.9%
CVE-2014-1576 HIGH This Week

Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Thunderbird Firefox
NVD
CVSS 2.0
7.5
EPSS
4.7%
CVE-2014-6508 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2014-1581 HIGH This Week

Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Thunderbird Firefox
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-6500 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Junos Space MariaDB +1
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-6491 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Junos Space MariaDB +1
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-6492 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Mozilla Information Disclosure Java Oracle Jdk +2
NVD
CVSS 2.0
7.6
EPSS
1.7%
CVE-2014-1578 HIGH This Week

The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +1
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-1574 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-4278 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle E Business Suite
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-4276 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-8294 HIGH This Week

Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Voice Of Web Allmyguests
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-4115 HIGH This Week

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service Microsoft Windows Server 2003 Windows Server 2008 +1
NVD
CVSS 2.0
7.2
EPSS
0.7%
CVE-2014-6473 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-4282 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
7.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy