Skip to main content
CVE-2014-1928 MEDIUM POC PATCH This Month

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Python Python Gnupg
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-7180 MEDIUM POC This Month

Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Electriccommander
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-6230 MEDIUM POC This Month

WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Ban
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-3137 MEDIUM PATCH This Month

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Bottle
NVD GitHub
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-3604 MEDIUM PATCH This Month

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Java Not Yet Commons Ssl
NVD GitHub VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5075 MEDIUM This Month

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Jboss Fuse Smack Api
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3409 MEDIUM This Month

The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 2.0
6.1
EPSS
1.1%
CVE-2014-6251 MEDIUM This Month

Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Cpuminer
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2014-4624 MEDIUM This Month

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java 6 0 6 0 402 7 0 +1
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8760 MEDIUM PATCH This Month

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ejabberd
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1929 MEDIUM PATCH This Month

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists. Rated medium severity (CVSS 4.4).

Python Code Injection Python Gnupg
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-4623 MEDIUM This Month

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Avamar
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-6611 MEDIUM This Month

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Blackberry World Blackberry Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4594 MEDIUM PATCH This Month

The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Payment For Webform
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy