Skip to main content
CVE-2014-1754 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.3% and no vendor patch available.

XSS Microsoft Office Web Apps Server Sharepoint Foundation Sharepoint Server +1
NVD
CVSS 2.0
4.3
EPSS
13.3%
CVE-2013-2034 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Jenkins RCE
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3430 MEDIUM PATCH This Month

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service Authentication Bypass Dovecot
NVD
CVSS 2.0
5.0
EPSS
8.3%
CVE-2014-0137 MEDIUM This Month

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-5655 MEDIUM This Month

Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apple Python Yingzhi Python Programming Language
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4455 LOW POC PATCH Monitor

Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Katello Installer
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-4471 MEDIUM PATCH This Month

The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Horizon
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2012-1600 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phppgadmin Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2087 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Gallery
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0078 MEDIUM This Month

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
4.0
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy