Skip to main content
CVE-2014-8598 MEDIUM POC PATCH THREAT This Month

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.4%.

RCE PHP Mantisbt
NVD Exploit-DB GitHub
CVSS 2.0
6.4
EPSS
67.4%
Threat
4.8
CVE-2014-7992 MEDIUM POC THREAT This Month

The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 60.8%.

Apple Cisco Information Disclosure iOS
NVD
CVSS 2.0
5.0
EPSS
60.8%
Threat
4.3
CVE-2014-7829 MEDIUM POC PATCH This Month

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opensuse Rails Ruby On Rails
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-4459 MEDIUM This Month

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple RCE Safari Mac Os X Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-7996 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4462 MEDIUM This Month

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Buffer Overflow Iphone Os +1
NVD
CVSS 2.0
5.8
EPSS
1.6%
CVE-2014-4452 MEDIUM PATCH This Month

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 5.4).

Denial Of Service Apple RCE Buffer Overflow Tvos +3
NVD
CVSS 2.0
5.4
EPSS
1.4%
CVE-2014-3613 MEDIUM PATCH This Month

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Curl Libcurl Mac Os X
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2014-3620 MEDIUM PATCH This Month

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Curl Libcurl Mac Os X
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-4453 MEDIUM This Month

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-6098 MEDIUM This Month

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Identity Manager
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-6095 MEDIUM This Month

Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Security Identity Manager
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4458 MEDIUM This Month

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8475 MEDIUM This Month

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SSH Freebsd
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-6107 MEDIUM This Month

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-6105 MEDIUM This Month

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-6096 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Identity Manager
NVD
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy