Skip to main content
CVE-2014-7911 HIGH Act Now

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 82.2% and no vendor patch available.

Deserialization Google Java RCE Privilege Escalation +1
NVD
CVSS 2.0
7.2
EPSS
82.2%
CVE-2014-3583 MEDIUM This Month

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.8% and no vendor patch available.

Denial Of Service Buffer Overflow Apache Mac Os X Os X Server +3
NVD
CVSS 2.0
5.0
EPSS
41.8%
CVE-2014-8967 MEDIUM This Month

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 29.9% and no vendor patch available.

RCE Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
29.9%
CVE-2014-6052 HIGH POC PATCH This Week

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Denial Of Service Libvncserver Solaris Debian Linux +1
NVD GitHub
CVSS 2.0
7.5
EPSS
5.2%
CVE-2014-6053 MEDIUM PATCH This Month

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.9%.

Denial Of Service Libvncserver Ubuntu Linux Debian Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
36.9%
CVE-2014-1569 HIGH POC This Week

The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Network Security Services
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2014-8507 HIGH POC This Week

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Google Android
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.4%
CVE-2014-8609 HIGH POC This Week

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Privilege Escalation Google Android
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2014-6261 CRITICAL Act Now

Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Zenoss Core
NVD
CVSS 2.0
9.3
EPSS
3.0%
CVE-2014-9249 HIGH This Week

The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zenoss Core
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-6256 HIGH This Week

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zenoss Core
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-8610 LOW POC Monitor

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Privilege Escalation Google Android
NVD GitHub
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-9385 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF RCE Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-9386 MEDIUM This Month

Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-6260 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Denial Of Service Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-6253 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-6255 MEDIUM This Month

Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Zenoss Core
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-6259 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-6258 MEDIUM This Month

An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-9248 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-6257 MEDIUM This Month

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9250 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9245 MEDIUM This Month

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9251 MEDIUM This Month

Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6254 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Zenoss Core
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-9247 MEDIUM This Month

Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-9252 LOW Monitor

Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy