Skip to main content
CVE-2014-9505 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS School Administration
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-9585 LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +16
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-9499 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Godwin S Law
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-9498 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Webform Invitation
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-9501 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Poll Chart Block
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-9269 LOW Monitor

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Mantisbt Debian Linux
NVD GitHub
CVSS 2.0
2.6
EPSS
0.4%
CVE-2014-9584 LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +15
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy