Skip to main content
CVE-2014-7816 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 55.2%.

Path Traversal Microsoft Undertow
NVD
CVSS 2.0
5.0
EPSS
55.2%
Threat
4.2
CVE-2014-9050 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Clamav
NVD GitHub
CVSS 2.0
5.0
EPSS
6.9%
CVE-2014-9087 HIGH PATCH This Week

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Mageia Debian Linux +3
NVD
CVSS 2.0
7.5
EPSS
6.9%
CVE-2014-9152 HIGH This Week

The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Services
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-9151 HIGH This Week

The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Services
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-5268 MEDIUM PATCH This Month

The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Fasttoggle
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2014-2232 MEDIUM This Month

Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mapsuite
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-8749 MEDIUM PATCH This Month

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP SSRF Bulletproof Security
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2233 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Mapsuite
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8867 MEDIUM PATCH This Month

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop Xen Debian Linux +1
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-8866 MEDIUM PATCH This Month

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via. Rated medium severity (CVSS 4.7).

Denial Of Service Debian Linux Xen Opensuse
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-5237 MEDIUM This Month

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SSRF App Suite
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-7291 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Libcal
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-9153 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Services
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9155 MEDIUM PATCH This Month

Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Avatar Uploader
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2014-9154 MEDIUM PATCH This Month

The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Notify
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-9156 MEDIUM This Month

The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filefield
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-6497 LOW PATCH Monitor

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Clamav
NVD
CVSS 2.0
2.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy