Skip to main content
CVE-2014-8636 HIGH POC THREAT Act Now

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.6%.

RCE Mozilla Google Code Injection Firefox +2
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
83.6%
Threat
5.5
CVE-2014-8634 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +3
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-8635 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Seamonkey +1
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-8641 HIGH This Week

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Seamonkey Firefox Firefox Esr
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-8643 HIGH This Week

Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Microsoft Opensuse Firefox
NVD
CVSS 2.0
7.1
EPSS
1.3%
CVE-2014-8639 MEDIUM This Month

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Seamonkey Firefox Firefox Esr +1
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-8638 MEDIUM This Month

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-0578 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local. Rated medium severity (CVSS 5.7). No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
5.7
EPSS
0.6%
CVE-2014-8640 MEDIUM This Month

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Mozilla Denial Of Service Firefox Opensuse +1
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-0579 MEDIUM This Month

Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Telepresence Video Communication Server
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8637 MEDIUM This Month

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Seamonkey Firefox
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3314 MEDIUM This Month

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Google Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0583 MEDIUM This Month

Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8642 MEDIUM This Month

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Seamonkey Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-0577 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Asyncos
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5231 LOW Monitor

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Siemens Simatic Wincc Sm Rtclient
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-5233 LOW Monitor

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Siemens Simatic Wincc Sm Rtclient
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-5232 LOW Monitor

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Siemens Simatic Wincc Sm Rtclient
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy