Skip to main content
CVE-2014-3123 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images,. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Nextcellent Gallery
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-6372 LOW POC PATCH Monitor

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Jenkins Authentication Bypass Subversion Plugin
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5477 LOW Monitor

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Foreman
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-0134 LOW PATCH Monitor

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Compute
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3424 LOW Monitor

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3423 LOW Monitor

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3422 LOW Monitor

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Emacs Mageia
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3421 LOW Monitor

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Mageia Emacs
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-1934 LOW PATCH Monitor

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.3).

Python Information Disclosure Eyed3 Opensuse
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2013-3571 LOW Monitor

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Socat
NVD
CVSS 2.0
2.6
EPSS
0.5%
CVE-2014-0595 LOW Monitor

/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S. Rated low severity (CVSS 2.6). No vendor patch available.

Buffer Overflow Open Enterprise Server
NVD
CVSS 2.0
2.6
EPSS
0.1%
CVE-2014-0056 LOW PATCH Monitor

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Neutron Ubuntu Linux
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-3426 LOW Monitor

NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ncsa Mosaic
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3425 LOW Monitor

NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ncsa Mosaic
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0345 LOW Monitor

varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Varnish Cache
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-0135 LOW PATCH Monitor

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by. Rated low severity (CVSS 1.9).

Privilege Escalation Kafo
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy