Skip to main content
CVE-2013-1904 MEDIUM POC PATCH This Month

Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Webmail
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0039 MEDIUM POC PATCH This Month

Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory. Rated medium severity (CVSS 4.4). Public exploit code available.

RCE Fwsnort
NVD GitHub
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-5524 MEDIUM POC This Month

The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gajim
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0045 HIGH This Week

The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Mumble Mumblekit
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2014-0044 MEDIUM This Month

The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mumble
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-1916 MEDIUM This Month

The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Mumble Mumblekit
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1869 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Openshift Zeroclipboard
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2191 MEDIUM PATCH This Month

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Bugzilla Fedora Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy