CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
1,454 results
CVE-2013-2637 6.1 MEDIUM 1 PoC Analysis EPSS 0.01
OTRS ITSM <3.2.4-3.0.7 - XSS
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
CWE-79 Feb 12, 2020
CVE-2014-2030 8.8 HIGH 1 PoC Analysis EPSS 0.19
ImageMagick - Buffer Overflow
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
CWE-787 Feb 06, 2020
CVE-2014-1958 8.8 HIGH EPSS 0.01
ImageMagick <6.8.8.5 - RCE
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
CWE-120 Feb 06, 2020
CVE-2013-3565 6.1 MEDIUM EPSS 0.00
Videolan Vlc Media Player < 2.0.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
CWE-79 Jan 31, 2020
CVE-2006-7246 6.8 MEDIUM EPSS 0.00
Gnome Networkmanager < 0.9.9.98 - Improper Certificate Validation
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
CWE-295 Jan 27, 2020
CVE-2015-5333 7.5 HIGH EPSS 0.02
LibreSSL <2.3.1 - DoS
Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates.
CWE-400 Jan 23, 2020
CVE-2015-5334 9.8 CRITICAL EPSS 0.10
LibreSSL <2.3.1 - Buffer Overflow
Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508.
CWE-787 Jan 23, 2020
CVE-2015-2326 5.5 MEDIUM EPSS 0.01
Pcre < 8.37 - Out-of-Bounds Read
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via a regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
CWE-125 Jan 14, 2020
CVE-2015-2325 7.8 HIGH EPSS 0.00
Pcre < 8.37 - Out-of-Bounds Write
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
CWE-125 Jan 14, 2020
CVE-2012-2142 7.8 HIGH EPSS 0.01
poppler <0.21.4 - RCE
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
Jan 09, 2020
CVE-2012-2736 4.4 MEDIUM EPSS 0.00
NetworkManager 0.9.2.0 - Info Disclosure
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
CWE-306 Dec 26, 2019
CVE-2014-8179 7.5 HIGH EPSS 0.01
Docker CS Engine < 1.6.2-cs7 - Improper Input Validation
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
CWE-20 Dec 17, 2019
CVE-2014-8178 5.5 MEDIUM EPSS 0.00
Docker CS Engine < 1.6.2-cs7 - Improper Input Validation
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
CWE-20 Dec 17, 2019
CVE-2014-3495 7.5 HIGH EPSS 0.00
Debian Duplicity - Improper Certificate Validation
duplicity 0.6.24 has improper verification of SSL certificates.
CWE-295 Dec 13, 2019
CVE-2014-2387 4.4 MEDIUM EPSS 0.00
Pen 0.18.0 - Info Disclosure
Pen 0.18.0 has insecure temporary file creation vulnerabilities.
CWE-668 Dec 13, 2019
CVE-2013-7370 6.1 MEDIUM EPSS 0.01
node-connect <2.8.1 - XSS
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware.
CWE-79 Dec 11, 2019
CVE-2016-1000104 8.8 HIGH EPSS 0.00
mod_fcgid <2016-07-07 - Auth Bypass
A security bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
CWE-20 Dec 03, 2019
CVE-2013-2625 6.5 MEDIUM EPSS 0.00
OTRS Help Desk <3.2.4-3.0.19 - Auth Bypass
An access bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights are not verified by the object linking mechanism.
CWE-269 Nov 27, 2019
CVE-2012-6655 3.3 LOW EPSS 0.00
Accountsservice - Incorrect Permission Assignment
An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local user obtain encrypted passwords.
CWE-732 Nov 27, 2019
CVE-2011-1588 7.8 HIGH 1 Writeup EPSS 0.00
Thunar <1.3.1 - Info Disclosure
Thunar before 1.3.1 could crash when copying and pasting a file name with % format characters due to a format string error.
CWE-134 Nov 14, 2019