Skip to main content
CVE-2013-1828 MEDIUM POC PATCH This Month

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users. Rated medium severity (CVSS 6.9). Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB GitHub
CVSS 2.0
6.9
EPSS
0.2%
CVE-2013-1860 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system. Rated medium severity (CVSS 6.9). Public exploit code available.

Buffer Overflow Denial Of Service Linux RCE Linux Kernel +1
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-1798 MEDIUM POC PATCH This Month

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations,. Rated medium severity (CVSS 6.2). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.3%
CVE-2013-1827 MEDIUM POC PATCH This Month

net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN. Rated medium severity (CVSS 6.2). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-1848 MEDIUM POC PATCH This Month

fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and. Rated medium severity (CVSS 6.2). Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-2501 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Terillion Reviews Plugin
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.2%
CVE-2013-0731 MEDIUM POC This Month

ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP XSS Wp Mailup
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2640 MEDIUM POC This Month

ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation PHP XSS Wp Mailup
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1865 MEDIUM PATCH This Month

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Folsom Ubuntu Linux
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-1796 MEDIUM PATCH This Month

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS. Rated medium severity (CVSS 6.8). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1797 MEDIUM This Month

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-1826 MEDIUM This Month

The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain. Rated medium severity (CVSS 6.2). No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-0335 MEDIUM PATCH This Month

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Essex Folsom Grizzly Ubuntu Linux
NVD
CVSS 2.0
6.0
EPSS
1.0%
CVE-2013-1792 MEDIUM This Month

Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Race Condition Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-1838 MEDIUM PATCH This Month

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Essex Folsom Grizzly Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy