Skip to main content
CVE-2013-5704 MEDIUM POC PATCH THREAT This Month

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

Authentication Bypass Apache Http Server Enterprise Linux Desktop Enterprise Linux Eus +12
NVD VulDB
CVSS 2.0
5.0
EPSS
64.7%
Threat
4.4
CVE-2013-5705 MEDIUM POC PATCH This Month

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Modsecurity Debian Linux
NVD GitHub VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-7368 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Gnew
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
3.8%
CVE-2014-2862 MEDIUM This Month

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Commonspot Content Server
NVD VulDB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-0138 MEDIUM This Month

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Curl Libcurl Debian Linux
NVD VulDB
CVSS 2.0
6.4
EPSS
0.7%
CVE-2014-0353 MEDIUM This Month

The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Authentication Bypass N300 Netusb Nbg 419N Firmware N300 Netusb Nbg 419N
NVD VulDB
CVSS 2.0
6.1
EPSS
0.1%
CVE-2014-0167 MEDIUM PATCH This Month

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Compute Icehouse
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-0105 MEDIUM PATCH This Month

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Python Authentication Bypass Python Keystoneclient
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-0139 MEDIUM This Month

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure OpenSSL Curl Libcurl
NVD VulDB
CVSS 2.0
5.8
EPSS
1.2%
CVE-2014-1986 MEDIUM This Month

The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Camiapp
NVD VulDB
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6456 MEDIUM This Month

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Libvirt Fedora
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-0642 MEDIUM This Month

EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Documentum Content Server
NVD VulDB
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-0357 MEDIUM This Month

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Misecuremessages
NVD VulDB
CVSS 2.0
5.0
EPSS
1.6%
CVE-2014-0053 MEDIUM This Month

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privilege Escalation Grails Resources Grails
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-2872 MEDIUM This Month

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Commonspot Content Server
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2871 MEDIUM This Month

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Commonspot Content Server
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2869 MEDIUM This Month

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Commonspot Content Server
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2873 MEDIUM This Month

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Commonspot Content Server
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2857 MEDIUM This Month

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grails Resources Grails
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2870 MEDIUM This Month

The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Commonspot Content Server
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2858 MEDIUM This Month

Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Grails Resources Grails
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2384 MEDIUM This Month

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware Microsoft Player Workstation
NVD VulDB
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-0924 MEDIUM This Month

IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Messagesight Jms Client Messagesight
NVD VulDB
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-0923 MEDIUM This Month

IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Messagesight Jms Client Messagesight
NVD VulDB
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-2580 MEDIUM PATCH This Month

The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic". Rated medium severity (CVSS 4.4).

Denial Of Service Xen
NVD VulDB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-0922 MEDIUM This Month

IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Messagesight Jms Client Messagesight
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0921 MEDIUM This Month

The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Messagesight Jms Client Messagesight
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-2861 MEDIUM This Month

Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Commonspot Content Server
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0157 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2860 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Commonspot Content Server
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-0214 MEDIUM This Month

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Advanced Package Tool
NVD VulDB
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy