Skip to main content
CVE-2014-3476 MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Keystone Cloud
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2014-0478 MEDIUM POC This Month

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4188 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Jp1 Performance Management Manager Web Option Tuning Manager
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4046 MEDIUM PATCH This Month

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Asterisk Certified Asterisk
NVD
CVSS 2.0
6.5
EPSS
1.4%
CVE-2013-6078 MEDIUM This Month

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Rsa Bsafe Toolkits Rsa Data Protection Manager
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-4047 MEDIUM PATCH This Month

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Certified Asterisk Asterisk
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2014-4044 MEDIUM This Month

OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Openafs
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-4193 MEDIUM This Month

The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Bsafe Share
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3249 MEDIUM This Month

Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4040 MEDIUM This Month

snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Powerpc Utils
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4192 MEDIUM This Month

The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Share
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4191 MEDIUM This Month

The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Share
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-4045 MEDIUM PATCH This Month

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Asterisk
NVD
CVSS 2.0
4.3
EPSS
1.8%
CVE-2014-4048 MEDIUM PATCH This Month

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Asterisk
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2014-4038 MEDIUM This Month

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Linux Enterprise Server Ppc64 Diag Enterprise Linux Server
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-4189 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Jp1 Performance Management Manager Web Option Tuning Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4187 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Clipbucket
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy