Skip to main content
CVE-2014-9676 MEDIUM POC This Month

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Denial Of Service Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2014-9682 CRITICAL PATCH Act Now

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Node.js Dns Sync
NVD GitHub
CVSS 2.0
10.0
EPSS
1.0%
CVE-2015-0889 HIGH This Week

KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Joyful Note
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-0887 HIGH This Week

npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Seil X86 Fuji Firmware Seil X2 Firmware Seil X1 Firmware Seil B1 Firmware +1
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2015-0884 MEDIUM This Month

Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Microsoft Bluetooth Stack Service Station
NVD
CVSS 2.0
6.9
EPSS
0.4%
CVE-2015-0888 MEDIUM PATCH This Month

KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Clip Board
NVD
CVSS 2.0
6.4
EPSS
0.7%
CVE-2015-0886 MEDIUM PATCH This Month

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Buffer Overflow Jbcrypt Fedora bcrypt
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2015-0885 MEDIUM This Month

checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Checkpw
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-0655 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Unified Web And E Mail Interaction Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy