Skip to main content
CVE-2014-7911 HIGH Act Now

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 82.2% and no vendor patch available.

Deserialization Google Java RCE Privilege Escalation +1
NVD
CVSS 2.0
7.2
EPSS
82.2%
CVE-2014-6052 HIGH POC PATCH This Week

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Denial Of Service Libvncserver Solaris Debian Linux +1
NVD GitHub
CVSS 2.0
7.5
EPSS
5.2%
CVE-2014-1569 HIGH POC This Week

The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Network Security Services
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2014-8507 HIGH POC This Week

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Google Android
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.4%
CVE-2014-8609 HIGH POC This Week

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Privilege Escalation Google Android
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2014-9249 HIGH This Week

The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zenoss Core
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-6256 HIGH This Week

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zenoss Core
NVD
CVSS 2.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy