Skip to main content
CVE-2014-6140 CRITICAL POC Act Now

IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM Apple RCE Tivoli Endpoint Manager Mobile Device Management
NVD
CVSS 2.0
9.3
EPSS
9.3%
CVE-2014-4629 CRITICAL Act Now

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2014-8651 HIGH This Week

The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Plasma Desktop Kde Workspace
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-9117 MEDIUM This Month

MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mantisbt
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-5429 MEDIUM This Month

DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SCADA Power E3
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9278 MEDIUM This Month

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SSH Authentication Bypass Openssh
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-7251 LOW Monitor

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Fast Tools
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2014-3099 LOW Monitor

Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Systems Director
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy