Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2014-03-29 CVE-2014-2670 Cross-Site Scripting vulnerability in Zohocorp ManageEngine OpStor 8.3
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
network
zohocorp CWE-79
3.5
2014-03-26 CVE-2014-1826 Cross-Site Scripting vulnerability in iThoughts iThoughtsHD 4.19
Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name.
network
high complexity
ithoughts CWE-79
2.6
2014-03-26 CVE-2014-0848 Cryptographic Issues vulnerability in IBM Netezza Performance Portal
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
network
ibm CWE-310
3.5
2014-03-26 CVE-2013-3998 Code Injection vulnerability in IBM InfoSphere BigInsights
CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
ibm CWE-94
3.5
2014-03-26 CVE-2013-3976 Permissions, Privileges, and Access Controls vulnerability in IBM products
The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.
network
high complexity
ibm CWE-264
2.1
2014-03-25 CVE-2014-0884 Cross-Site Scripting vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2014-03-25 CVE-2014-2573 Permissions, Privileges, and Access Controls vulnerability in OpenStack Compute 2013.2/2013.2.1/2013.2.2
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
2.3
2014-03-25 CVE-2013-5951 Cross-Site Scripting vulnerability in eXtplorer 2.1.3
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.
network
high complexity
extplorer CWE-79
2.6
2014-03-25 CVE-2014-1515 Information Exposure vulnerability in Mozilla Firefox
Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.
1.9
2014-03-24 CVE-2014-2568 Use After Free vulnerability in Linux Kernel
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
2.9