Skip to main content
CVE-2014-0192 MEDIUM POC PATCH This Month

Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Foreman
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-6889 MEDIUM POC This Month

GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rush
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-0930 MEDIUM POC This Month

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

IBM Denial Of Service Vios Aix
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-2689 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Offria
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3207 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Sks Keyserver
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5916 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bradesco Gateway
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3215 MEDIUM This Month

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Policycoreutils
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-0090 MEDIUM This Month

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Foreman
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-3115 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Fortinet Fortiweb
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-0187 MEDIUM This Month

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Foreman
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-2602 MEDIUM This Month

Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Information Disclosure Oneview
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-0116 MEDIUM PATCH This Month

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Apache Struts
NVD
CVSS 2.0
5.8
EPSS
2.8%
CVE-2014-1685 MEDIUM This Month

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix Fedora
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-0110 MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2014-0109 MEDIUM PATCH This Month

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Apache Cxf
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2013-0174 MEDIUM This Month

The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreman
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0173 MEDIUM This Month

Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreman
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2933 MEDIUM This Month

Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Caldera
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4544 MEDIUM This Month

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers. Rated medium severity (CVSS 4.9). No vendor patch available.

RCE Denial Of Service Ubuntu Linux Qemu
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-7041 MEDIUM This Month

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Pam Userdb
NVD
CVSS 2.0
4.3
EPSS
2.6%
CVE-2014-0190 MEDIUM This Month

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Null Pointer Dereference Qt Fedora Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-0362 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Search Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-2854 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Semantictitle
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1682 MEDIUM This Month

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zabbix Authentication Bypass Fedora
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy