Skip to main content
CVE-2014-9222 CRITICAL POC THREAT Emergency

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.4%.

Buffer Overflow Huawei Rompager
NVD
CVSS 2.0
10.0
EPSS
86.4%
Threat
6.1
CVE-2014-8137 MEDIUM This Month

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 31.5% and no vendor patch available.

RCE Denial Of Service Jasper Enterprise Linux
NVD
CVSS 2.0
6.8
EPSS
31.5%
CVE-2014-4322 HIGH POC PATCH This Week

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Google Linux Buffer Overflow +2
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
3.5%
CVE-2014-9223 CRITICAL Act Now

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Huawei Rompager
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2014-8810 MEDIUM POC This Month

SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wp Symposium
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
3.4%
CVE-2014-9414 MEDIUM POC This Month

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP W3 Total Cache
NVD GitHub
CVSS 2.0
6.8
EPSS
0.4%
CVE-2014-9413 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF WordPress PHP Ip Ban
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9334 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF WordPress PHP Bird Feeder
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-8138 HIGH This Week

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Enterprise Linux Jasper
NVD
CVSS 2.0
7.5
EPSS
5.9%
CVE-2014-9416 MEDIUM POC This Month

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1). Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

RCE Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-8809 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Wp Symposium
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-7999 HIGH This Week

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network,. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Meraki Mr Firmware Meraki Mr Meraki Ms Firmware +3
NVD
CVSS 2.0
7.7
EPSS
0.2%
CVE-2014-7995 HIGH This Week

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Meraki Mx Firmware Meraki Mx Meraki Ms Firmware +3
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-3569 MEDIUM This Month

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
7.6%
CVE-2014-9418 LOW POC Monitor

The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-9417 LOW POC Monitor

The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6187 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM CSRF Websphere Service Registry And Repository
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2014-9415 LOW POC PATCH Monitor

Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. Rated low severity (CVSS 1.9). Public exploit code available.

Denial Of Service Huawei Espace Desktop
NVD Exploit-DB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-7994 MEDIUM This Month

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and. Rated medium severity (CVSS 5.4). No vendor patch available.

Cisco Information Disclosure Meraki Mr Firmware Meraki Mr Meraki Mx Firmware +3
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-6153 MEDIUM This Month

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Websphere Service Registry And Repository
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-6179 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6186 MEDIUM This Month

IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-6155 MEDIUM This Month

Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-6177 MEDIUM This Month

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-6181 MEDIUM This Month

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Websphere Service Registry And Repository
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-6132 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-6188 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-6180 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6178 LOW Monitor

Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Service Registry And Repository
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7993 LOW Monitor

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Meraki Mx Firmware Meraki Mr Firmware Meraki Ms Firmware
NVD
CVSS 2.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy