Skip to main content
CVE-2013-1775 MEDIUM POC This Month

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Mac Os X
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
8.1%
CVE-2013-0198 MEDIUM POC This Month

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dnsmasq
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-0288 MEDIUM This Month

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Nss Pam Ldapd
NVD
CVSS 2.0
6.8
EPSS
2.9%
CVE-2012-6026 MEDIUM This Month

The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Aironet Access Point Software
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2013-0931 MEDIUM This Month

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Authentication Bypass Authentication Agent For Windows
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-1415 MEDIUM PATCH This Month

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.6%
CVE-2012-3411 MEDIUM PATCH This Month

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Dnsmasq Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-1016 MEDIUM PATCH This Month

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-0909 MEDIUM This Month

The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google XSS Chrome
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4840 MEDIUM This Month

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Cognos Business Intelligence
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-4855 MEDIUM This Month

Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-2177 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4835 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2193 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Cognos Business Intelligence
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-4837 MEDIUM This Month

IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Cognos Business Intelligence
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy