Skip to main content
CVE-2014-0195 MEDIUM POC PATCH THREAT This Month

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.8%.

OpenSSL Denial Of Service RCE Buffer Overflow MariaDB +3
NVD GitHub
CVSS 2.0
6.8
EPSS
92.8%
Threat
5.6
CVE-2014-3470 MEDIUM PATCH This Month

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 91.4%.

OpenSSL Denial Of Service Null Pointer Dereference Storage Fedora +8
NVD
CVSS 2.0
4.3
EPSS
91.4%
CVE-2014-0221 MEDIUM PATCH This Month

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 82.1%.

Denial Of Service OpenSSL Storage Fedora Enterprise Linux +7
NVD
CVSS 2.0
4.3
EPSS
82.1%
CVE-2014-3976 MEDIUM POC THREAT This Month

Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.5%.

Denial Of Service RCE Buffer Overflow Advanced Core Operating System
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
33.5%
CVE-2014-3975 MEDIUM POC THREAT This Month

Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.7%.

Path Traversal PHP Auracms
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.7%
CVE-2013-3739 MEDIUM POC THREAT This Month

Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Path Traversal PHP Network Weathermap
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
10.2%
CVE-2013-2618 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Network Weathermap
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.7%
CVE-2014-3974 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Auracms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.7%
CVE-2012-4728 MEDIUM POC This Month

The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Quattro Pro X6
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-2577 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Transform Foundation Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3878 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Imail Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2130 MEDIUM POC PATCH This Month

ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Znc
NVD GitHub
CVSS 2.0
4.0
EPSS
1.1%
CVE-2014-3469 MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls Libtasn1 Virtualization +11
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-3467 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Libtasn1 Virtualization +12
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2014-3968 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-3967 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2013-0302 MEDIUM This Month

Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Owncloud Owncloud Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-1998 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Soy Cms
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0304 MEDIUM This Month

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF PHP Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-2346 MEDIUM This Month

COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate. Rated medium severity (CVSS 4.0). No vendor patch available.

Denial Of Service Zenon Dnp3 Ng Driver Zenon Dnp3 Process Gateway
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-3940 MEDIUM This Month

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing. Rated medium severity (CVSS 4.0). No vendor patch available.

Denial Of Service Race Condition Linux Buffer Overflow Enterprise Linux +2
NVD
CVSS 2.0
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy