Skip to main content
CVE-2014-4877 CRITICAL POC PATCH THREAT Act Now

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 74.3%.

Path Traversal RCE Wget
NVD GitHub
CVSS 2.0
9.3
EPSS
74.3%
Threat
5.6
CVE-2014-3669 HIGH POC THREAT Act Now

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

Deserialization RCE PHP Denial Of Service
NVD
CVSS 2.0
7.5
EPSS
56.0%
Threat
4.7
CVE-2014-3670 MEDIUM POC THREAT This Month

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 35.1%.

Denial Of Service RCE PHP Buffer Overflow
NVD
CVSS 2.0
6.8
EPSS
35.1%
CVE-2014-3668 MEDIUM POC This Month

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Buffer Overflow
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-8533 HIGH This Week

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Network Data Loss Prevention
NVD
CVSS 2.0
7.5
EPSS
3.0%
CVE-2014-8530 HIGH This Week

Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Network Data Loss Prevention
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-8522 HIGH This Week

The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Network Data Loss Prevention
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-8531 MEDIUM This Month

The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Network Data Loss Prevention
NVD
CVSS 2.0
6.5
EPSS
4.3%
CVE-2014-8523 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Network Data Loss Prevention
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3694 MEDIUM PATCH This Month

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure OpenSSL Opensuse Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-3697 MEDIUM PATCH This Month

Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Microsoft Pidgin
NVD
CVSS 2.0
6.4
EPSS
1.0%
CVE-2014-4839 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Tririga Application Platform
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-8538 MEDIUM This Month

The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hijab Modern
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-3696 MEDIUM PATCH This Month

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-3695 MEDIUM PATCH This Month

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-3698 MEDIUM PATCH This Month

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Pidgin
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-6149 MEDIUM This Month

Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Tivoli Application Dependency Discovery Manager
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8525 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8520 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8524 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8535 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Network Data Loss Prevention
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-3051 MEDIUM PATCH This Month

The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Information Disclosure Tivoli Composite Application Manager For Transactions
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-8532 LOW Monitor

Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-8527 LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password.". Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Network Data Loss Prevention
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-8521 LOW Monitor

Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF Network Data Loss Prevention
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2014-8529 LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8528 LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8526 LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8537 LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8536 LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8519 LOW Monitor

Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8534 LOW Monitor

Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8518 LOW PATCH Monitor

The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Authentication Bypass Endpoint Encryption For Files And Folders File And Removable Media Protection
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy