Skip to main content
CVE-2013-1493 CRITICAL POC THREAT Emergency

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Java Denial Of Service Buffer Overflow Oracle RCE +2
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
93.0%
Threat
6.3
CVE-2013-1775 MEDIUM POC This Month

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Mac Os X
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
8.1%
CVE-2013-0809 CRITICAL Act Now

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle RCE Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
8.2%
CVE-2013-0710 CRITICAL Act Now

Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.0% and no vendor patch available.

Buffer Overflow RCE Writer 2007 Writer 2010
NVD
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-0292 HIGH POC This Week

The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dbus Glib
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.2%
CVE-2012-4858 CRITICAL Act Now

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure IBM Cognos Business Intelligence
NVD
CVSS 2.0
9.3
EPSS
2.0%
CVE-2013-0198 MEDIUM POC This Month

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dnsmasq
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-0904 HIGH This Week

The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-0905 HIGH This Week

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-0902 HIGH This Week

Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-0903 HIGH This Week

Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-0906 HIGH This Week

The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-0907 HIGH This Week

Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Race Condition Chrome
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-0910 HIGH This Week

Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-0911 HIGH This Week

Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Path Traversal Chrome
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-0908 HIGH This Week

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-0288 MEDIUM This Month

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Nss Pam Ldapd
NVD
CVSS 2.0
6.8
EPSS
2.9%
CVE-2012-6026 MEDIUM This Month

The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Aironet Access Point Software
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2013-0931 MEDIUM This Month

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Authentication Bypass Authentication Agent For Windows
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-1415 MEDIUM PATCH This Month

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.6%
CVE-2012-3411 MEDIUM PATCH This Month

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Dnsmasq Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-1016 MEDIUM PATCH This Month

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-0909 MEDIUM This Month

The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google XSS Chrome
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4840 MEDIUM This Month

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Cognos Business Intelligence
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4855 MEDIUM This Month

Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-2177 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4835 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2193 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4837 MEDIUM This Month

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cognos Business Intelligence
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-4836 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy