Skip to main content
CVE-2014-3583 MEDIUM This Month

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.8% and no vendor patch available.

Denial Of Service Buffer Overflow Apache Mac Os X Os X Server +3
NVD
CVSS 2.0
5.0
EPSS
41.8%
CVE-2014-8967 MEDIUM This Month

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 29.9% and no vendor patch available.

RCE Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
29.9%
CVE-2014-6053 MEDIUM PATCH This Month

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.9%.

Denial Of Service Libvncserver Ubuntu Linux Debian Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
36.9%
CVE-2014-9385 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF RCE Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-9386 MEDIUM This Month

Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-6260 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Denial Of Service Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-6253 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Zenoss Core
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-6255 MEDIUM This Month

Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Zenoss Core
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-6259 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-6258 MEDIUM This Month

An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-9248 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-6257 MEDIUM This Month

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9250 MEDIUM This Month

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9245 MEDIUM This Month

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-9251 MEDIUM This Month

Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zenoss Core
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6254 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Zenoss Core
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-9247 MEDIUM This Month

Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zenoss Core
NVD
CVSS 2.0
4.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy