Skip to main content
CVE-2014-6054 MEDIUM PATCH This Month

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 34.6%.

Denial Of Service Libvncserver Debian Linux Ubuntu Linux
NVD GitHub
CVSS 2.0
4.3
EPSS
34.6%
CVE-2014-0994 MEDIUM POC This Month

Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Embarcadero C Builder Xe6 Embarcadero Delphi Xe6
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2014-6409 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF M Monit
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-0168 MEDIUM POC PATCH This Month

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Jolokia
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-1224 MEDIUM POC This Month

Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Recruitment
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4510 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Apt Cacher
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3642 MEDIUM This Month

vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine Cloudforms 3 0 2 Management Engine Cloudforms 3 0 3 Management Engine +3
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-3633 MEDIUM This Month

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Libvirt
NVD
CVSS 2.0
5.8
EPSS
2.9%
CVE-2014-3521 MEDIUM This Month

The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Conga
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2014-3657 MEDIUM This Month

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-7329 MEDIUM This Month

The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cgi Application Module
NVD GitHub
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-1868 MEDIUM PATCH This Month

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Restlet Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6496 MEDIUM This Month

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Conga
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2644 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS HP Systems Insight Manager
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-0140 MEDIUM This Month

Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Cloudforms 3 0 1 Management Engine Cloudforms 3 0 2 Management Engine Cloudforms 3 0 3 Management Engine +3
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy