Skip to main content
CVE-2014-5335 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Innovaphone Pbx
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-5455 MEDIUM POC This Month

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft
NVD Exploit-DB GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2014-5454 MEDIUM This Month

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload Visual Analytics
NVD
CVSS 2.0
6.0
EPSS
1.4%
CVE-2014-3589 MEDIUM PATCH This Month

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Python Imaging Pillow Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-5253 MEDIUM PATCH This Month

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5251 MEDIUM PATCH This Month

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5252 MEDIUM PATCH This Month

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5356 MEDIUM PATCH This Month

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Privilege Escalation Image Registry And Delivery Service Glance Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy