Skip to main content
CVE-2013-1911 MEDIUM POC This Month

lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Ldoce
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-1664 MEDIUM POC PATCH This Month

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Buffer Overflow Denial Of Service Cinder Folsom Compute Nova Essex +4
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2012-1038 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Juniper XSS Networks Mobility System Software
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.1%
CVE-2013-0800 MEDIUM PATCH This Month

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Buffer Overflow Mozilla RCE Firefox Seamonkey +8
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2013-0797 MEDIUM This Month

Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Information Disclosure Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2013-0794 MEDIUM This Month

Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-1665 MEDIUM PATCH This Month

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure XXE Folsom Keystone Essex
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2013-0791 MEDIUM PATCH This Month

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Mozilla Firefox Network Security Services +10
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2013-0793 MEDIUM This Month

Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Thunderbird Esr +1
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2013-0792 MEDIUM This Month

Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow Denial Of Service Information Disclosure Firefox +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-0798 MEDIUM This Month

Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Google Firefox
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4546 MEDIUM This Month

The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy