Skip to main content
CVE-2014-8080 MEDIUM POC This Month

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensuse Ubuntu Linux Ruby Enterprise Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
9.8%
CVE-2014-0204 MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Keystone
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-0336 MEDIUM POC PATCH This Month

The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Freeipa
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-3712 MEDIUM POC This Month

Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Katello
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-6661 MEDIUM POC PATCH This Month

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Plone Zope
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5508 MEDIUM POC PATCH This Month

The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8494 MEDIUM POC This Month

ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Alupdate
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-5272 MEDIUM This Month

libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2014-0488 MEDIUM PATCH This Month

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Advanced Package Tool
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-5500 MEDIUM PATCH This Month

The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Plone
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3654 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Satellite With Embedded Oracle +3
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy