Skip to main content
CVE-2014-8420 CRITICAL POC THREAT Emergency

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%.

Sonicwall RCE Dell Analyzer Global Management System +1
NVD
CVSS 2.0
9.0
EPSS
73.8%
Threat
5.5
CVE-2014-8439 HIGH KEV THREAT Act Now

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 27.1%.

Buffer Overflow Denial Of Service RCE Adobe Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
27.1%
Threat
4.1
CVE-2014-9034 MEDIUM POC PATCH THREAT This Month

wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Denial Of Service WordPress PHP
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
72.5%
Threat
4.7
CVE-2014-8558 MEDIUM POC This Month

JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Channel Platform
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-8368 CRITICAL Act Now

The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Aruba Airwave
NVD
CVSS 2.0
9.0
EPSS
1.4%
CVE-2014-8001 HIGH PATCH This Week

Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Cisco Buffer Overflow RCE Openh264
NVD GitHub
CVSS 2.0
7.5
EPSS
3.0%
CVE-2014-8002 HIGH PATCH This Week

Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Cisco Buffer Overflow RCE Openh264
NVD GitHub
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-8678 HIGH This Week

The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile.". Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Oputils
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2014-8367 HIGH This Week

SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Clearpass Policy Manager
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-9037 MEDIUM PATCH This Month

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure Mageia Debian Linux
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2014-1421 HIGH This Week

mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubuntu Ubuntu Linux
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-9033 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress PHP
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-7839 MEDIUM PATCH This Month

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XXE Resteasy
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-9038 MEDIUM PATCH This Month

wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP SSRF
NVD
CVSS 2.0
6.4
EPSS
1.2%
CVE-2014-8004 MEDIUM This Month

Cisco IOS XR allows remote attackers to cause a denial of service (LISP process reload) by establishing many LISP TCP sessions, aka Bug ID CSCuq90378. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9039 MEDIUM PATCH This Month

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress PHP Information Disclosure Debian Linux Mageia
NVD
CVSS 2.0
4.3
EPSS
1.7%
CVE-2014-9031 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9036 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9035 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-9032 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS WordPress
NVD
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy