Skip to main content
CVE-2013-1828 MEDIUM POC PATCH This Month

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users. Rated medium severity (CVSS 6.9). Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB GitHub
CVSS 2.0
6.9
EPSS
0.2%
CVE-2013-1860 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system. Rated medium severity (CVSS 6.9). Public exploit code available.

Buffer Overflow Denial Of Service Linux RCE Linux Kernel +1
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-1798 MEDIUM POC PATCH This Month

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations,. Rated medium severity (CVSS 6.2). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.3%
CVE-2013-1827 MEDIUM POC PATCH This Month

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN. Rated medium severity (CVSS 6.2). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-1848 MEDIUM POC PATCH This Month

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and. Rated medium severity (CVSS 6.2). Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-2501 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Terillion Reviews Plugin
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.2%
CVE-2013-0731 MEDIUM POC This Month

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP XSS Wp Mailup
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2640 MEDIUM POC This Month

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP XSS Wp Mailup
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1865 MEDIUM PATCH This Month

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Folsom Ubuntu Linux
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-1796 MEDIUM PATCH This Month

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS. Rated medium severity (CVSS 6.8). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1797 MEDIUM This Month

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-1826 MEDIUM This Month

The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain. Rated medium severity (CVSS 6.2). No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-0335 MEDIUM PATCH This Month

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Essex Folsom Grizzly Ubuntu Linux
NVD
CVSS 2.0
6.0
EPSS
1.0%
CVE-2013-1792 MEDIUM This Month

Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Race Condition Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-1838 MEDIUM PATCH This Month

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Essex Folsom Grizzly Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
1.4%
CVE-2013-0914 LOW Monitor

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
3.6
EPSS
0.0%
CVE-2013-1840 LOW PATCH Monitor

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glance
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-2636 LOW PATCH Monitor

net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. Rated low severity (CVSS 1.9).

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-2635 LOW PATCH Monitor

The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9).

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%
CVE-2013-2634 LOW PATCH Monitor

net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Rated low severity (CVSS 1.9).

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy