Skip to main content
CVE-2013-2143 MEDIUM POC THREAT This Month

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.5%.

Red Hat Information Disclosure Network Satellite Katello
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
61.5%
Threat
4.6
CVE-2014-2880 MEDIUM POC THREAT This Month

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

Open Redirect Oracle Identity Manager
NVD Exploit-DB VulDB
CVSS 2.0
5.8
EPSS
11.4%
CVE-2014-2879 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.1%.

XSS Sonicwall Dell Email Security Appliance
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
15.1%
CVE-2014-0984 MEDIUM POC This Month

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Router
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
9.0%
CVE-2014-1932 MEDIUM POC PATCH This Month

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library. Rated medium severity (CVSS 4.4). Public exploit code available.

Python Information Disclosure Pillow Python Imaging Library
NVD GitHub VulDB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-0054 MEDIUM PATCH This Month

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF XXE Denial Of Service Java Spring Framework
NVD VulDB
CVSS 2.0
6.8
EPSS
2.5%
CVE-2014-0036 MEDIUM PATCH This Month

The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Rbovirt
NVD VulDB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-0111 MEDIUM PATCH This Month

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Apache Syncope
NVD VulDB
CVSS 2.0
6.5
EPSS
1.4%
CVE-2014-0071 MEDIUM This Month

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Openstack
NVD VulDB
CVSS 2.0
6.4
EPSS
0.1%
CVE-2014-2310 MEDIUM This Month

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Net Snmp
NVD VulDB
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-2469 MEDIUM This Month

Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Sunos
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-0645 MEDIUM This Month

EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for. Rated medium severity (CVSS 4.7). No vendor patch available.

Authentication Bypass Cloud Tiering Appliance Software Cloud Tiering Appliance File Management Appliance Software File Management Appliance
NVD GitHub VulDB
CVSS 2.0
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy