Skip to main content
CVE-2013-0233 MEDIUM POC PATCH THREAT This Month

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.8%.

Authentication Bypass Devise Opensuse
NVD GitHub
CVSS 2.0
6.8
EPSS
68.8%
Threat
4.9
CVE-2013-1183 CRITICAL Act Now

Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

Buffer Overflow RCE Cisco Unified Computing System Infrastructure And Unified Computing System Software Unified Computing System 6120Xp Fabric Interconnect +3
NVD
CVSS 2.0
10.0
EPSS
10.6%
CVE-2013-1969 HIGH POC This Week

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Libxml2
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2013-0728 CRITICAL Act Now

Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APOLLO ECWP plugin before 13.00.0001 for Internet Explorer, Firefox, and Chrome allow remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Google RCE Erdas Apollo Ecwp +1
NVD
CVSS 2.0
10.0
EPSS
7.1%
CVE-2013-1948 CRITICAL Act Now

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Md2Pdf
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2013-1180 CRITICAL Act Now

Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Nx Os Nexus 7000 +4
NVD
CVSS 2.0
9.0
EPSS
4.4%
CVE-2013-1179 CRITICAL Act Now

Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Nx Os Nexus 7000 +4
NVD
CVSS 2.0
9.0
EPSS
4.4%
CVE-2013-1933 CRITICAL Act Now

The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Karteek Docsplit
NVD
CVSS 2.0
9.3
EPSS
2.8%
CVE-2013-3055 CRITICAL Act Now

Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation RCE Markvision
NVD
CVSS 2.0
9.3
EPSS
2.7%
CVE-2013-1947 CRITICAL Act Now

kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Kelredd Pruview
NVD
CVSS 2.0
9.3
EPSS
2.0%
CVE-2013-1192 CRITICAL Act Now

The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Cisco Adaptive Security Appliance Device Manager Nexus 5000 +8
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2013-1185 CRITICAL Act Now

The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Unified Computing System Infrastructure And Unified Computing System Software Unified Computing System 6120Xp Fabric Interconnect Unified Computing System 6140Xp Fabric Interconnect +3
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2013-1182 CRITICAL Act Now

The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Unified Computing System Infrastructure And Unified Computing System Software Unified Computing System 6120Xp Fabric Interconnect Unified Computing System 6140Xp Fabric Interconnect +3
NVD
CVSS 2.0
9.3
EPSS
0.4%
CVE-2013-1949 MEDIUM POC This Month

Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Social Media Widget
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1178 HIGH This Week

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Nx Os Nexus 7000 +25
NVD
CVSS 2.0
8.3
EPSS
1.6%
CVE-2013-1915 HIGH PATCH This Week

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Modsecurity Opensuse Fedora +1
NVD GitHub
CVSS 2.0
7.5
EPSS
4.8%
CVE-2013-1184 HIGH This Week

The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Computing System Infrastructure And Unified Computing System Software Unified Computing System 6120Xp Fabric Interconnect Unified Computing System 6140Xp Fabric Interconnect +3
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2013-1181 HIGH This Week

Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os Nexus 5548P Nexus 5548Up +9
NVD
CVSS 2.0
7.8
EPSS
0.8%
CVE-2013-0175 HIGH PATCH This Week

multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Multi Xml Grape
NVD GitHub
CVSS 2.0
7.5
EPSS
1.3%
CVE-2013-1186 HIGH This Week

Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Unified Computing System Infrastructure And Unified Computing System Software Unified Computing System 6120Xp Fabric Interconnect Unified Computing System 6140Xp Fabric Interconnect +3
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-1215 MEDIUM This Month

The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Asa 5500
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-3269 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Microsoft Cybozu Office
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2305 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Microsoft Cybozu Office Cybozu Dezie Mailwise
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2696 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress XSS All In On Webmaster
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2767 MEDIUM This Month

Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Citrix Authentication Bypass Netscaler Access Gateway Firmware Netscaler Access Gateway
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2012-4466 MEDIUM This Month

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ruby
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2012-4464 MEDIUM This Month

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ruby
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0338 MEDIUM This Month

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Libxml2 Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy