Skip to main content
CVE-2014-8451 MEDIUM This Month

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.0% and no vendor patch available.

Adobe Information Disclosure Microsoft Acrobat Mac Os X +2
NVD
CVSS 2.0
5.0
EPSS
19.0%
CVE-2014-8448 MEDIUM This Month

An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.0% and no vendor patch available.

Adobe Information Disclosure Microsoft Acrobat Mac Os X +2
NVD
CVSS 2.0
5.0
EPSS
19.0%
CVE-2014-9091 MEDIUM POC This Month

Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Icecast
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-8488 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Yourls Fedora
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7809 MEDIUM PATCH This Month

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Struts
NVD
CVSS 2.0
6.8
EPSS
7.5%
CVE-2014-4475 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-4474 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-4473 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-4472 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-4471 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-4470 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-4469 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Itunes +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-4468 MEDIUM PATCH This Month

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Apple RCE Buffer Overflow Iphone Os +3
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-8452 MEDIUM This Month

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure Microsoft Acrobat Reader +3
NVD
CVSS 2.0
5.0
EPSS
9.6%
CVE-2014-8103 MEDIUM PATCH This Month

X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow X Server
NVD
CVSS 2.0
6.5
EPSS
1.8%
CVE-2014-8099 MEDIUM PATCH This Month

The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow X11 X Server +1
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2014-8100 MEDIUM PATCH This Month

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Xfree86 X Server +1
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2014-8097 MEDIUM PATCH This Month

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow X Server X11
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2014-8093 MEDIUM PATCH This Month

Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow X11 X Server +1
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2014-8092 MEDIUM PATCH This Month

Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow X11 X Server
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2014-8101 MEDIUM PATCH This Month

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Xfree86 X Server +1
NVD
CVSS 2.0
6.5
EPSS
1.3%
CVE-2014-8102 MEDIUM PATCH This Month

The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow X Server X11 +1
NVD
CVSS 2.0
6.5
EPSS
1.1%
CVE-2014-8095 MEDIUM PATCH This Month

The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Debian Linux X11 +1
NVD
CVSS 2.0
6.5
EPSS
1.1%
CVE-2014-8094 MEDIUM PATCH This Month

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow RCE Buffer Overflow Denial Of Service X Server +2
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-8096 MEDIUM PATCH This Month

The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow X11 X Server +1
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-8098 MEDIUM PATCH This Month

The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Debian Linux X Server +2
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-8010 MEDIUM This Month

The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Domain Manager
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-8453 MEDIUM This Month

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Acrobat Mac Os X +2
NVD
CVSS 2.0
5.0
EPSS
7.7%
CVE-2014-9360 MEDIUM This Month

XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Web Access
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-9363 MEDIUM PATCH This Month

Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect Meta Tags Quick
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2014-9166 MEDIUM PATCH This Month

Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Denial Of Service Coldfusion
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-8091 MEDIUM PATCH This Month

X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service X Server X11
NVD
CVSS 2.0
4.3
EPSS
4.8%
CVE-2014-4465 MEDIUM This Month

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os Safari
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-8601 MEDIUM This Month

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Recursor
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-7807 MEDIUM This Month

Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Cloudstack
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8009 MEDIUM This Month

The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Computing System
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-8730 MEDIUM This Month

The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Big Ip Local Traffic Manager Big Ip Access Policy Manager Big Ip Policy Enforcement Manager +11
NVD
CVSS 2.0
4.3
EPSS
3.1%
CVE-2014-9120 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Subrion
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9364 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Logintoboggan
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9361 MEDIUM PATCH This Month

The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Logintoboggan
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy