Skip to main content
CVE-2014-2212 MEDIUM POC This Month

The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Posh
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0634 MEDIUM This Month

EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Vplex Geosynchrony
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-1895 MEDIUM PATCH This Month

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a. Rated medium severity (CVSS 5.8).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-1894 MEDIUM PATCH This Month

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1893 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1892 MEDIUM PATCH This Month

Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891,. Rated medium severity (CVSS 5.2). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1891 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-2590 MEDIUM This Month

The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Authentication Bypass Ruggedcom Rugged Operating System
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2237 MEDIUM PATCH This Month

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1896 MEDIUM PATCH This Month

The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore. Rated medium severity (CVSS 4.9).

Denial Of Service Xen
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-2678 MEDIUM PATCH This Month

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Null Pointer Dereference Linux Kernel Fedora
NVD VulDB
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-2673 MEDIUM PATCH This Month

The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel
NVD GitHub VulDB
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-7348 MEDIUM This Month

Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-1869 MEDIUM PATCH This Month

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Spacewalk Java
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy