Skip to main content
CVE-2014-3670 MEDIUM POC THREAT This Month

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 35.1%.

Denial Of Service RCE PHP Buffer Overflow
NVD
CVSS 2.0
6.8
EPSS
35.1%
CVE-2014-3668 MEDIUM POC This Month

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Buffer Overflow
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-8531 MEDIUM This Month

The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Network Data Loss Prevention
NVD
CVSS 2.0
6.5
EPSS
4.3%
CVE-2014-8523 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Network Data Loss Prevention
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3694 MEDIUM PATCH This Month

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure OpenSSL Opensuse Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-3697 MEDIUM PATCH This Month

Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Microsoft Pidgin
NVD
CVSS 2.0
6.4
EPSS
1.0%
CVE-2014-4839 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Tririga Application Platform
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-8538 MEDIUM This Month

The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Hijab Modern
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2014-3696 MEDIUM PATCH This Month

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-3695 MEDIUM PATCH This Month

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Pidgin
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-3698 MEDIUM PATCH This Month

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Pidgin
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-6149 MEDIUM This Month

Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Tivoli Application Dependency Discovery Manager
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8525 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8520 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8524 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Network Data Loss Prevention
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8535 MEDIUM This Month

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to bypass intended restriction on unspecified functionality via unknown vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Network Data Loss Prevention
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-3051 MEDIUM PATCH This Month

The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Information Disclosure Tivoli Composite Application Manager For Transactions
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy