Skip to main content
CVE-2013-6429 MEDIUM PATCH This Month

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 38.7%.

CSRF Denial Of Service Java XXE Spring Framework
NVD
CVSS 2.0
6.8
EPSS
38.7%
CVE-2013-7247 MEDIUM POC THREAT This Month

cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Privilege Escalation Ts 550 Evo Firmware Ts 550 Evo
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
17.2%
CVE-2014-1664 MEDIUM POC This Month

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Google Gotomeeting
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.9%
CVE-2014-1671 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Dell SQLi Kace K1000 Systems Management Appliance Software Kace K1000 Systems Management Virtual Appliance +3
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-0794 MEDIUM POC This Month

SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP SQLi XSS Com Jvcomment
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.0%
CVE-2013-7296 MEDIUM This Month

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Poppler
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2013-7298 MEDIUM This Month

query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cxxtools
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2013-6466 MEDIUM This Month

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openswan
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-6467 MEDIUM This Month

Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libreswan
NVD VulDB
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-1626 MEDIUM This Month

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XXE Marc Xml
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-7299 MEDIUM PATCH This Month

framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tntnet
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-0022 MEDIUM This Month

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Yum
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1673 MEDIUM This Month

Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Session Authentication Agent
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1642 MEDIUM This Month

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest. Rated medium severity (CVSS 4.4). No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.2%
CVE-2014-1607 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Drupal
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-7143 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7142 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7141 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6853 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in clickstream.js in Y!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Microsoft XSS Toolbar
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-7140 MEDIUM This Month

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal XXE Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-1672 MEDIUM This Month

Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Management Server Security Gateway
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy