Skip to main content
CVE-2013-1488 CRITICAL POC THREAT Emergency

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.3%.

Code Injection Java Oracle RCE Jdk +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
86.3%
Threat
6.1
CVE-2013-0249 HIGH POC THREAT Act Now

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 44.2%.

Buffer Overflow Denial Of Service RCE Curl Libcurl +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
44.2%
Threat
4.3
CVE-2013-1491 CRITICAL Act Now

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.6% and no vendor patch available.

Code Injection Java Oracle RCE Jdk +1
NVD
CVSS 2.0
10.0
EPSS
19.6%
CVE-2013-0401 CRITICAL Act Now

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.1% and no vendor patch available.

Code Injection Java Oracle RCE Jdk +1
NVD
CVSS 2.0
10.0
EPSS
10.1%
CVE-2013-0402 CRITICAL Act Now

Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Java Oracle RCE Javafx +2
NVD
CVSS 2.0
10.0
EPSS
5.1%
CVE-2013-0261 HIGH This Week

(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2013-1656 MEDIUM POC PATCH This Month

Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Spree
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1050 HIGH This Week

The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Gnome Screensaver
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-1762 MEDIUM This Month

stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Code Injection RCE Stunnel
NVD
CVSS 2.0
6.6
EPSS
2.0%
CVE-2013-0266 MEDIUM This Month

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2012-4066 MEDIUM This Month

The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eucalyptus
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0308 MEDIUM This Month

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Git
NVD GitHub
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-2506 MEDIUM PATCH This Month

app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Spree
NVD GitHub
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy