Skip to main content
CVE-2014-3556 MEDIUM PATCH This Month

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 48.2%.

Nginx Command Injection
NVD
CVSS 2.0
6.8
EPSS
48.2%
CVE-2014-1908 MEDIUM POC This Month

The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Information Disclosure Videowhisper Live Streaming Integration
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.4%
CVE-2014-8109 MEDIUM PATCH This Month

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.7%.

Apache Authentication Bypass Http Server Ubuntu Linux Fedora +2
NVD GitHub
CVSS 2.0
4.3
EPSS
11.7%
CVE-2014-6168 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Security Identity Manager
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-8132 MEDIUM PATCH This Month

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libssh Debian Linux Opensuse Fedora +1
NVD
CVSS 2.0
5.0
EPSS
3.3%
CVE-2014-2224 MEDIUM This Month

Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Plogger
NVD
CVSS 2.0
5.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy