Skip to main content
CVE-2013-2492 MEDIUM POC THREAT This Month

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 86.7%.

Buffer Overflow Microsoft RCE Firebird
NVD GitHub Exploit-DB
CVSS 2.0
6.8
EPSS
86.7%
Threat
5.5
CVE-2013-2566 MEDIUM POC THREAT This Month

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 90.8%.

Information Disclosure Communications Application Session Controller Http Server Integrated Lights Out Manager Firmware Sparc Enterprise M3000 Firmware +12
NVD
CVSS 3.0
5.9
EPSS
90.8%
Threat
5.4
CVE-2013-2560 HIGH POC This Week

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Fi8919W
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
9.0%
CVE-2013-0971 MEDIUM This Month

Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Mac Os X Mac Os X Server
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2013-0976 MEDIUM This Month

IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-0961 MEDIUM This Month

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-0960 MEDIUM This Month

WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-0973 MEDIUM This Month

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X Mac Os X Server
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-2373 MEDIUM This Month

The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Spotfire Web Player
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2013-0966 MEDIUM This Month

The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Apple Authentication Bypass Mac Os X Mac Os X Server
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-2371 MEDIUM This Month

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spotfire Statistics Services
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-0969 MEDIUM This Month

Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-2372 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Spotfire Web Player
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0967 MEDIUM This Month

CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Apple Authentication Bypass Mac Os X Mac Os X Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0970 MEDIUM This Month

Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0248 LOW PATCH Monitor

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary. Rated low severity (CVSS 3.3).

Privilege Escalation Apache Commons Fileupload
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-2547 LOW Monitor

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-6536 LOW PATCH Monitor

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2548 LOW Monitor

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2546 LOW Monitor

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-6542 LOW PATCH Monitor

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6537 LOW PATCH Monitor

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6545 LOW PATCH Monitor

The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Enterprise Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6544 LOW PATCH Monitor

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6538 LOW PATCH Monitor

The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6543 LOW PATCH Monitor

The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6540 LOW PATCH Monitor

The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6539 LOW PATCH Monitor

The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6541 LOW PATCH Monitor

The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6548 LOW PATCH Monitor

The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%
CVE-2012-6549 LOW PATCH Monitor

The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%
CVE-2012-6547 LOW PATCH Monitor

The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%
CVE-2012-6546 LOW PATCH Monitor

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy