Skip to main content
CVE-2014-2734 MEDIUM POC This Month

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure OpenSSL Ruby
NVD GitHub VulDB
CVSS 2.0
5.8
EPSS
5.8%
CVE-2014-2601 HIGH PATCH This Week

The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

HP Denial Of Service Integrated Lights Out 2 Firmware
NVD VulDB
CVSS 2.0
7.8
EPSS
3.5%
CVE-2014-2907 MEDIUM POC This Month

The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2736 HIGH This Week

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Modx Revolution
NVD VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-0188 HIGH This Week

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-5723 MEDIUM This Month

Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Ios Xe Asr 1001 Asr 1002 +6
NVD VulDB
CVSS 2.0
6.1
EPSS
0.2%
CVE-2014-2915 MEDIUM This Month

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Xen
NVD VulDB
CVSS 2.0
5.5
EPSS
0.1%
CVE-2012-3946 MEDIUM This Month

Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Cisco iOS
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6738 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Smartcloud Analytics Log Analysis
NVD VulDB
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-2392 MEDIUM This Month

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2391 MEDIUM This Month

The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2393 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy