Skip to main content
CVE-2014-7819 MEDIUM PATCH This Month

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sprockets
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-6300 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS CSRF Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7818 MEDIUM PATCH This Month

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rails Ruby On Rails Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6097 MEDIUM PATCH This Month

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-6159 LOW Monitor

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
3.5
EPSS
1.1%
CVE-2014-6161 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Netcool Impact
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6146 LOW Monitor

IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy