Skip to main content
CVE-2014-7285 MEDIUM POC THREAT This Month

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.0%.

Command Injection PHP Web Gateway
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
74.0%
Threat
5.0
CVE-2014-9322 HIGH POC PATCH This Week

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Enterprise Linux Eus Ubuntu Linux +3
NVD Exploit-DB GitHub
CVSS 3.1
7.8
EPSS
5.2%
CVE-2014-9387 CRITICAL Act Now

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Businessobjects
NVD
CVSS 2.0
10.0
EPSS
5.8%
CVE-2014-4626 CRITICAL Act Now

EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD
CVSS 2.0
9.0
EPSS
1.2%
CVE-2014-8117 MEDIUM PATCH This Month

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.5%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
16.5%
CVE-2014-8116 MEDIUM PATCH This Month

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Denial Of Service File Freebsd Mageia Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
15.9%
CVE-2014-5437 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS CSRF PHP Touchstone Tg862G Ct Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4844 MEDIUM This Month

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-7402 MEDIUM This Month

Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service C Icap
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-7880 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Denial Of Service Tcp Ip Services Openvms
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-8553 MEDIUM This Month

The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-9388 MEDIUM This Month

bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Mantisbt
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9253 MEDIUM PATCH This Month

The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Dokuwiki Mageia
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-8006 MEDIUM This Month

The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Isb8320 E High Definition Ip Only Dvr
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-6182 MEDIUM PATCH This Month

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-5438 LOW Monitor

Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Touchstone Tg862G Ct Firmware
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-8133 LOW Monitor

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-7170 LOW Monitor

Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Information Disclosure Puppet Server
NVD
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy