Skip to main content
CVE-2015-0204 MEDIUM POC THREAT This Month

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.0%.

Information Disclosure OpenSSL
NVD GitHub
CVSS 2.0
4.3
EPSS
92.0%
Threat
5.1
CVE-2015-0921 MEDIUM POC PATCH THREAT This Month

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.2%.

XXE Epolicy Orchestrator
NVD GitHub
CVSS 2.0
4.0
EPSS
58.2%
Threat
4.0
CVE-2015-0922 MEDIUM POC PATCH THREAT This Month

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.7%.

Information Disclosure Epolicy Orchestrator
NVD GitHub
CVSS 2.0
5.0
EPSS
45.7%
CVE-2014-3571 MEDIUM This Month

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.6% and no vendor patch available.

Denial Of Service OpenSSL
NVD GitHub
CVSS 2.0
5.0
EPSS
31.6%
CVE-2015-0206 MEDIUM This Month

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.1% and no vendor patch available.

OpenSSL Denial Of Service Buffer Overflow
NVD GitHub
CVSS 2.0
5.0
EPSS
31.1%
CVE-2014-9271 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Debian Linux Mantisbt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2013-7419 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Js Multi Hotel
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-0205 MEDIUM This Month

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.3% and no vendor patch available.

Information Disclosure OpenSSL
NVD GitHub
CVSS 2.0
5.0
EPSS
12.3%
CVE-2014-9529 MEDIUM PATCH This Month

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly. Rated medium severity (CVSS 6.9).

Denial Of Service Race Condition Linux Buffer Overflow Linux Kernel +10
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-8031 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-9510 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF TP-Link Tl Wr840N Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3572 MEDIUM This Month

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL
NVD GitHub
CVSS 2.0
5.0
EPSS
8.8%
CVE-2014-8275 MEDIUM This Month

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL
NVD GitHub
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-8027 MEDIUM This Month

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Secure Access Control System
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-3570 MEDIUM This Month

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure OpenSSL
NVD GitHub
CVSS 2.0
5.0
EPSS
7.3%
CVE-2014-8029 MEDIUM This Month

Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Open Redirect Secure Access Control System
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-8033 MEDIUM This Month

The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-9272 MEDIUM This Month

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Debian Linux Mantisbt
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8030 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8028 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Secure Access Control System
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-9500 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Moip
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8032 MEDIUM This Month

The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy