Skip to main content
CVE-2014-9190 CRITICAL Act Now

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Stack Overflow Buffer Overflow RCE Wonderware Intouch Access Anywhere Server
NVD
CVSS 2.0
10.0
EPSS
6.4%
CVE-2014-9495 HIGH This Week

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Mac Os X Libpng
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2014-6158 CRITICAL PATCH Act Now

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE IBM Pureapplication System Workload Deployer
NVD
CVSS 2.0
9.0
EPSS
2.4%
CVE-2014-6199 MEDIUM This Month

The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-0562 MEDIUM This Month

Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-0582 MEDIUM This Month

The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-0563 MEDIUM This Month

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-8020 MEDIUM This Month

Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Communications Domain Manager
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-0564 MEDIUM This Month

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Linux Solaris +2
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8036 MEDIUM This Month

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8035 MEDIUM This Month

The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0561 MEDIUM This Month

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse Solaris
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0560 MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-0559 MEDIUM This Month

Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6212 MEDIUM PATCH This Month

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XXE Emptoris Sourcing Portfolio Emptoris Program Management Emptoris Contract Management +1
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3096 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-9191 LOW Monitor

The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Hart Device Type Manager
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy