Skip to main content
CVE-2013-3268 CRITICAL Act Now

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Imanager
NVD
CVSS 2.0
10.0
EPSS
0.2%
CVE-2012-5218 HIGH This Week

HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Elitepad
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-1217 MEDIUM This Month

The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco iOS
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-0543 MEDIUM This Month

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM HP Authentication Bypass Websphere Application Server
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-1088 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Apache Tomcat Imanager
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6140 LOW POC Monitor

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Google Authenticator
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2013-1214 MEDIUM This Month

The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Contact Center Express Editor Software
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1195 MEDIUM This Month

The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firewall Services Module Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-1957 MEDIUM This Month

The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-0565 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0542 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0544 MEDIUM This Month

Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2013-0540 LOW Monitor

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2013-1956 LOW Monitor

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-0541 LOW Monitor

Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in. Rated low severity (CVSS 1.9). No vendor patch available.

Buffer Overflow Denial Of Service Microsoft IBM Websphere Application Server
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-1958 LOW Monitor

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket,. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy