Latest CVE Feed
-
10.0
HIGHCVE-2014-4947
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.... Read more
Affected Products : xenserver- EPSS Score: %0.80
- Published: Jul. 22, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-4497
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.... Read more
- EPSS Score: %1.10
- Published: Jan. 30, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-4393
Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.... Read more
- EPSS Score: %6.09
- Published: Sep. 19, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-4376
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.... Read more
- EPSS Score: %0.96
- Published: Sep. 19, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-4121
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted r... Read more
Affected Products : .net_framework- EPSS Score: %42.52
- Published: Oct. 15, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-4073
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce... Read more
Affected Products : .net_framework- EPSS Score: %29.99
- Published: Oct. 15, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-3913
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.... Read more
Affected Products : accessnow_server- EPSS Score: %78.74
- Published: Jun. 04, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-3828
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.ph... Read more
- EPSS Score: %78.59
- Published: Oct. 23, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-3805
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.... Read more
Affected Products : open_source_security_information_management- EPSS Score: %41.18
- Published: Jun. 13, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-3692
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.... Read more
Affected Products : cloudforms_3.1_management_engine- EPSS Score: %1.70
- Published: Jan. 16, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-2866
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.... Read more
Affected Products : commonspot_content_server- EPSS Score: %1.06
- Published: Apr. 15, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-2864
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.... Read more
Affected Products : commonspot_content_server- EPSS Score: %0.65
- Published: Apr. 15, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-2863
Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.... Read more
Affected Products : commonspot_content_server- EPSS Score: %0.90
- Published: Apr. 15, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-2648
Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.... Read more
- EPSS Score: %22.35
- Published: Oct. 10, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-1776
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploit... Read more
Affected Products : windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 internet_explorer windows_server_2003 windows_vista windows_xp windows_8 +1 more products- Actively Exploited
- EPSS Score: %78.23
- Published: Apr. 27, 2014
- Modified: May. 29, 2025
-
10.0
HIGHCVE-2014-1381
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.... Read more
- EPSS Score: %1.33
- Published: Jul. 01, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-1379
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.... Read more
- EPSS Score: %0.50
- Published: Jul. 01, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-1318
The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.... Read more
- EPSS Score: %1.29
- Published: Apr. 23, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-1314
WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.... Read more
- EPSS Score: %0.29
- Published: Apr. 23, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2014-1201
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to... Read more
Affected Products : edge_lh310_firmware edge edge3_lh340_firmware edge3 edge2_lh330_firmware edge2 edge\+_lh320_firmware edge\+- EPSS Score: %24.98
- Published: Jan. 15, 2014
- Modified: Apr. 11, 2025