Skip to main content
CVE-2014-9195 CRITICAL POC THREAT Emergency

Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.5%.

Authentication Bypass Multiprog Proconos Eclr
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
82.5%
Threat
6.0
CVE-2014-5419 CRITICAL Act Now

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Multilink Ml3100 Firmware Multilink Ml3100 Multilink Ml3000 Firmware Multilink Ml3000 +10
NVD GitHub
CVSS 2.0
10.0
EPSS
1.4%
CVE-2014-9199 CRITICAL Act Now

The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Java Web Client
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-8143 HIGH PATCH This Week

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Privilege Escalation Samba
NVD
CVSS 2.0
8.5
EPSS
4.9%
CVE-2015-0924 HIGH This Week

Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fiberair Ip 10C Fiberair Ip 10E Fiberair Ip 10G
NVD
CVSS 2.0
7.8
EPSS
0.9%
CVE-2014-3018 HIGH This Week

IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sas Raid Module Firmware Sas Connectivity Module Firmware
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2014-2355 MEDIUM This Month

The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. Rated medium severity (CVSS 6.6). No vendor patch available.

Buffer Overflow Intelligent Platforms Proficy Hmi Scada Cimplicity
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2014-9194 MEDIUM This Month

Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service 1094B Gps Substation Clock
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2014-5418 MEDIUM This Month

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Multilink Ml810 Firmware Multilink Ml810 Multilink Ml1600 Firmware Multilink Ml1600 +10
NVD GitHub
CVSS 2.0
5.0
EPSS
2.0%
CVE-2015-0590 MEDIUM This Month

Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-3019 MEDIUM PATCH This Month

IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Sas Raid Module Firmware Sas Connectivity Module Firmware
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6197 MEDIUM PATCH This Month

IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Information Disclosure Security Network Protection Xgs Firmware
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3032 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Netcool Omnibus
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4835 LOW Monitor

IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Serverguide Toolscenter Suite Updatexpress System Packs Installer
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy