Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-08 | CVE-2014-3115 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortiweb: Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. | 6.8 |
2014-05-08 | CVE-2014-2689 | Cross-Site Scripting vulnerability in Slashes&Dots Offria: Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. | 4.3 |
2014-05-08 | CVE-2014-1934 | Link Following vulnerability in multiple products: tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. | 3.3 |
2014-05-08 | CVE-2014-1685 | Security Bypass vulnerability in Zabbix: The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. | 5.5 |
2014-05-08 | CVE-2014-1682 | Improper Authentication vulnerability in multiple products: The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | 4.0 |
2014-05-08 | CVE-2014-0190 | Null Pointer Dereference vulnerability in multiple products: The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | 4.3 |
2014-05-08 | CVE-2014-0135 | Permissions, Privileges, and Access Controls vulnerability in Theforeman Kafo: Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file. | 1.9 |
2014-05-08 | CVE-2014-0134 | Information Exposure vulnerability in Openstack Compute 2013.2/2013.2.1/2013.2.2: The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. | 3.5 |
2014-05-08 | CVE-2013-7041 | Cryptographic Issues vulnerability in Cristian Gafton PAM Userdb: The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | 4.3 |
2014-05-08 | CVE-2013-3571 | Remote Denial of Service vulnerability in socat: socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple requests that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. | 2.6 |