Skip to main content
CVE-2014-3147 LOW Monitor

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Splunk
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-5351 LOW Monitor

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kerberos 5
NVD GitHub
CVSS 2.0
2.1
EPSS
0.3%
CVE-2014-5270 LOW PATCH Monitor

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libgcrypt Debian Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy