7.5

CVE-2014-2053

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getid3Getid3 Version <= 1.9.7
Getid3Getid3 Version1.9.0
Getid3Getid3 Version1.9.1
Getid3Getid3 Version1.9.2
Getid3Getid3 Version1.9.3
Getid3Getid3 Version1.9.4 Updateb1
Getid3Getid3 Version1.9.5
Getid3Getid3 Version1.9.6
OwncloudOwncloud Server Updatea Version <= 5.0.14
OwncloudOwncloud Server Version5.0.0
OwncloudOwncloud Server Version5.0.1
OwncloudOwncloud Server Version5.0.2
OwncloudOwncloud Server Version5.0.3
OwncloudOwncloud Server Version5.0.4
OwncloudOwncloud Server Version5.0.5
OwncloudOwncloud Server Version5.0.6
OwncloudOwncloud Server Version5.0.7
OwncloudOwncloud Server Version5.0.8
OwncloudOwncloud Server Version5.0.9
OwncloudOwncloud Server Version5.0.10
OwncloudOwncloud Server Version5.0.11
OwncloudOwncloud Server Version5.0.12
OwncloudOwncloud Server Version5.0.13
OwncloudOwncloud Server Version5.0.14
Getid3Getid3 Version <= 1.9.7
Getid3Getid3 Version1.9.0
Getid3Getid3 Version1.9.1
Getid3Getid3 Version1.9.2
Getid3Getid3 Version1.9.3
Getid3Getid3 Version1.9.4 Updateb1
Getid3Getid3 Version1.9.5
Getid3Getid3 Version1.9.6
OwncloudOwncloud Server Version6.0.0
OwncloudOwncloud Server Version6.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.65% 0.852
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P