Skip to main content
CVE-2012-3404 MEDIUM POC This Month

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Enterprise Virtualization Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-4736 HIGH PATCH This Week

Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Google Qualcomm Android Msm
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2012-3406 MEDIUM This Month

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service RCE Glibc Enterprise Virtualization +2
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-1213 MEDIUM This Month

Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects,. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Scanning Engine Sophos Anti Virus
NVD
CVSS 2.0
5.6
EPSS
0.1%
CVE-2013-2055 MEDIUM This Month

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Wicket
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2012-3405 MEDIUM This Month

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Glibc Enterprise Virtualization Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-2328 MEDIUM This Month

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Standards Based Linux Common Information Model Client Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-0064 MEDIUM This Month

xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation X Org X11 Xkeyboard Config
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-2214 MEDIUM This Month

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios
NVD
CVSS 2.0
4.0
EPSS
2.7%
CVE-2014-1930 MEDIUM This Month

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyber Recruiter
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-1876 MEDIUM This Month

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not. Rated medium severity (CVSS 4.4). No vendor patch available.

Java Oracle Information Disclosure Openjdk
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-6024 MEDIUM This Month

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Edge Gateway Firepass
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-1931 MEDIUM This Month

The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cyber Recruiter
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy