Skip to main content
CVE-2014-7884 CRITICAL POC THREAT Emergency

Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

HP Information Disclosure Arcsight Logger
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
23.2%
Threat
4.0
CVE-2014-7885 CRITICAL Act Now

Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Arcsight Enterprise Security Manager
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2015-0979 CRITICAL Act Now

Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Bacnet Opc Server
NVD
CVSS 2.0
9.0
EPSS
1.9%
CVE-2015-0980 CRITICAL Act Now

Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Bacnet Opc Server
NVD
CVSS 2.0
9.0
EPSS
1.6%
CVE-2015-0982 HIGH PATCH This Week

Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Schneider Electric Buffer Overflow RCE Pelco Ds Nv
NVD
CVSS 2.0
7.5
EPSS
6.0%
CVE-2015-0981 HIGH This Week

The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bacnet Opc Server
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2015-0660 HIGH This Week

Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Telepresence Server Software
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-0978 MEDIUM This Month

Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure E3
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-9207 MEDIUM This Month

Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Cmnview Ultimateaccess
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-9206 MEDIUM This Month

Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Schneider Electric Buffer Overflow Device Type Manager
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-5409 MEDIUM This Month

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hydran M2
NVD GitHub
CVSS 2.0
6.4
EPSS
2.3%
CVE-2015-2107 MEDIUM This Month

HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

HP SAP Authentication Bypass Operations Manager I Management Pack
NVD
CVSS 2.0
6.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy