Skip to main content
CVE-2014-8270 MEDIUM POC THREAT This Month

BMC Track-It!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

RCE Privilege Escalation Track It
NVD
CVSS 2.0
5.0
EPSS
65.7%
Threat
4.5
CVE-2014-9374 MEDIUM PATCH This Month

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 45.8%.

Denial Of Service Certified Asterisk Asterisk
NVD
CVSS 2.0
5.0
EPSS
45.8%
CVE-2014-8956 HIGH POC This Week

Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow K7Av Sentry Device Driver
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-7136 HIGH POC This Week

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow K7Firewall Packet Driver
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-9365 MEDIUM POC This Month

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
CVSS 2.0
5.8
EPSS
2.8%
CVE-2014-6316 MEDIUM POC This Month

core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Mantisbt
NVD GitHub
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-8608 MEDIUM POC This Month

The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service K7Av Sentry Device Driver
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-6407 HIGH PATCH This Week

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Docker RCE
NVD
CVSS 2.0
7.5
EPSS
5.9%
CVE-2014-7840 HIGH This Week

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Qemu Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server +3
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2014-4323 HIGH This Week

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Google Linux Linux Kernel
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2014-7260 HIGH This Week

The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection File Upload I Httpd
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-8134 LOW POC PATCH Monitor

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Authentication Bypass Linux Kernel Ubuntu Linux Evergreen +2
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2014-8515 MEDIUM This Month

The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Bittorrent
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-8489 MEDIUM This Month

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Pingfederate
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-2516 MEDIUM This Month

Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Rsa Authentication Manager
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-7250 MEDIUM This Month

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bsd Freebsd Netbsd Openbsd
NVD
CVSS 2.0
5.0
EPSS
3.7%
CVE-2014-6408 MEDIUM PATCH This Month

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-8124 MEDIUM PATCH This Month

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Horizon Fedora Opensuse Solaris
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-4399 MEDIUM PATCH This Month

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Libvirt
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-7261 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Httpd
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7262 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Httpd
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7265 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Linpha
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4633 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Archer Egrc
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4628 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Isilon Insightiq
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4815 MEDIUM This Month

Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Ibm Rational Lifecycle Integration Adapter For Windchill
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7263 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Httpd
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6209 MEDIUM This Month

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
1.4%
CVE-2014-6210 MEDIUM This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2 Db2 Connect
NVD
CVSS 2.0
4.0
EPSS
1.3%
CVE-2014-6138 MEDIUM This Month

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-6145 LOW Monitor

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6381 LOW Monitor

Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when "Proxy ARP" or "No Broadcast" features are enabled in a. Rated low severity (CVSS 2.9). No vendor patch available.

Juniper Denial Of Service Smartpass Mobile System Software Ringmaster
NVD
CVSS 2.0
2.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy