Skip to main content
CVE-2014-5300 MEDIUM POC THREAT This Month

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Authentication Bypass Moab
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
15.3%
CVE-2014-7185 MEDIUM POC This Month

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
CVSS 2.0
6.4
EPSS
1.1%
CVE-2014-5376 MEDIUM POC This Month

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moab
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-5375 MEDIUM POC This Month

The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moab
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-7296 MEDIUM This Month

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection Spagobi
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-3187 MEDIUM This Month

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apple Google Chrome Iphone Os
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-7273 MEDIUM This Month

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Getmail
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-7275 MEDIUM This Month

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Getmail
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-7274 MEDIUM This Month

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Getmail
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-3199 MEDIUM This Month

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3198 MEDIUM This Month

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-3195 MEDIUM This Month

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +2
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3197 MEDIUM This Month

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Privilege Escalation Google Chrome Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-7229 MEDIUM This Month

Unspecified vulnerability in Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Joomla
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-7203 MEDIUM This Month

libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Zeromq
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-7202 MEDIUM This Month

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Zeromq
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-7983 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in com_contact in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-6631 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in com_media in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-7982 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Joomla
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-3641 MEDIUM PATCH This Month

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cinder
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy