Skip to main content
CVE-2014-5417 HIGH This Week

Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ntp Server Firmware Lantime M100 Lantime M200 Lantime M300 +4
NVD GitHub
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-8542 HIGH This Week

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ffmpeg Ubuntu Linux Debian Linux
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2014-8543 HIGH This Week

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-8544 HIGH This Week

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-8546 HIGH This Week

Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-8545 HIGH This Week

libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-8547 HIGH This Week

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-5408 HIGH This Week

Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nordex Control 2 Scada
NVD GitHub
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-8548 HIGH This Week

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ffmpeg Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-8541 HIGH This Week

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-2374 HIGH PATCH This Week

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Axm Net Acuvim Ii
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-2373 HIGH PATCH This Week

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Axm Net Acuvim Ii
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-8549 HIGH This Week

libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-8622 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Compfight
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-8326 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-3710 MEDIUM PATCH This Month

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service PHP Buffer Overflow Debian Linux Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
8.1%
CVE-2014-4834 MEDIUM This Month

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Websphere Commerce
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-4810 MEDIUM PATCH This Month

IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Privilege Escalation Cognos Mobile
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4769 MEDIUM This Month

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Websphere Commerce
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy