Skip to main content
CVE-2014-1267 MEDIUM This Month

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-0467 MEDIUM This Month

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mutt Opensuse
NVD VulDB
CVSS 2.0
5.0
EPSS
1.8%
CVE-2014-2265 MEDIUM PATCH This Month

Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Contact Form 7
NVD VulDB
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-4846 MEDIUM PATCH This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

HP Information Disclosure System Management Homepage
NVD VulDB
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1286 MEDIUM This Month

SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1939 MEDIUM PATCH This Month

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Sabredav Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1276 MEDIUM This Month

IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2049 MEDIUM PATCH This Month

The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Owncloud Server Owncloud
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-2086 MEDIUM PATCH This Month

The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF Information Disclosure Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-0694 MEDIUM This Month

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Cloud Portal
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2319 MEDIUM This Month

The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Powerarchiver
NVD VulDB
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-2089 MEDIUM PATCH This Month

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable.

RCE PHP Owncloud Owncloud Server
NVD
CVSS 2.0
4.6
EPSS
0.4%
CVE-2013-6476 MEDIUM PATCH This Month

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same. Rated medium severity (CVSS 4.4).

Privilege Escalation Ubuntu Linux Debian Linux Fedora Cups Filters
NVD VulDB
CVSS 2.0
4.4
EPSS
0.3%
CVE-2013-6209 MEDIUM This Month

Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP Denial Of Service Hp Ux
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-0891 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Puppet Dashboard Puppet Enterprise
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0298 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6205 MEDIUM This Month

Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment allows local users to obtain sensitive information, modify data, or cause a denial of service via. Rated medium severity (CVSS 4.1). No vendor patch available.

HP Denial Of Service Insight Control Server Deployment Rapid Deployment Pack
NVD VulDB
CVSS 2.0
4.1
EPSS
0.0%
CVE-2013-2085 MEDIUM PATCH This Month

Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Owncloud
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2043 MEDIUM PATCH This Month

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-1963 MEDIUM This Month

The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-5158 MEDIUM This Month

Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Puppet Enterprise Puppet
NVD VulDB
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2039 MEDIUM PATCH This Month

Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-0307 LOW Monitor

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-2291 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti Ive Os
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2150 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Owncloud Server Owncloud
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2149 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2042 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2041 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2040 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-0297 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Server Owncloud
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-1851 LOW Monitor

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Information Disclosure Owncloud Owncloud Server
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-1822 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1). Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Server
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-1274 LOW Monitor

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2047 LOW PATCH Monitor

The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

PHP Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1279 LOW Monitor

Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Tvos
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-0017 LOW PATCH Monitor

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared. Rated low severity (CVSS 1.9).

Information Disclosure OpenSSL Libssh
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-1281 LOW Monitor

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy