Skip to main content
CVE-2014-7141 MEDIUM PATCH This Month

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 77.3%.

Denial Of Service Buffer Overflow Squid
NVD
CVSS 2.0
6.4
EPSS
77.3%
CVE-2014-7142 MEDIUM This Month

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.2% and no vendor patch available.

Denial Of Service Solaris Ubuntu Linux Squid
NVD
CVSS 2.0
6.4
EPSS
64.2%
CVE-2014-9101 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Skadate Lite Oxwall
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.8%
CVE-2014-9104 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Openvpn Access Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9099 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Whydowork Adsense
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9102 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Kunena
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-9094 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Video Gallery
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.2%
CVE-2014-9103 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kunena
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9100 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Whydowork Adsense
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2037 MEDIUM This Month

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8005 MEDIUM This Month

Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Apple Denial Of Service Cisco Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8552 MEDIUM This Month

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs 7 Simatic Pcs7 Simatic Tiaportal +1
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-6196 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Web Experience Factory
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6610 MEDIUM PATCH This Month

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Certified Asterisk Asterisk
NVD
CVSS 2.0
4.0
EPSS
1.5%
CVE-2014-6609 MEDIUM PATCH This Month

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Asterisk
NVD
CVSS 2.0
4.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy