Skip to main content
CVE-2014-8270 MEDIUM POC THREAT This Month

BMC Track-It!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

RCE Privilege Escalation Track It
NVD
CVSS 2.0
5.0
EPSS
65.7%
Threat
4.5
CVE-2014-9374 MEDIUM PATCH This Month

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 45.8%.

Denial Of Service Certified Asterisk Asterisk
NVD
CVSS 2.0
5.0
EPSS
45.8%
CVE-2014-9365 MEDIUM POC This Month

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
CVSS 2.0
5.8
EPSS
2.8%
CVE-2014-6316 MEDIUM POC This Month

core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Open Redirect Mantisbt
NVD GitHub
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-8608 MEDIUM POC This Month

The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service K7Av Sentry Device Driver
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-8515 MEDIUM This Month

The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Bittorrent
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-8489 MEDIUM This Month

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Pingfederate
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2014-2516 MEDIUM This Month

Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Rsa Authentication Manager
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-7250 MEDIUM This Month

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bsd Freebsd Netbsd Openbsd
NVD
CVSS 2.0
5.0
EPSS
3.7%
CVE-2014-6408 MEDIUM PATCH This Month

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-8124 MEDIUM PATCH This Month

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Horizon Fedora Opensuse Solaris
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-4399 MEDIUM PATCH This Month

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Libvirt
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-7261 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Httpd
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7262 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Httpd
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-7265 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Linpha
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4633 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Rsa Archer Egrc
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4628 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Isilon Insightiq
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4815 MEDIUM This Month

Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Ibm Rational Lifecycle Integration Adapter For Windchill
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7263 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS I Httpd
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6209 MEDIUM This Month

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
1.4%
CVE-2014-6210 MEDIUM This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2 Db2 Connect
NVD
CVSS 2.0
4.0
EPSS
1.3%
CVE-2014-6138 MEDIUM This Month

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy