Skip to main content
CVE-2013-1927 MEDIUM This Month

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Icedtea Web Ubuntu Linux Opensuse
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2013-1196 MEDIUM This Month

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System,. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Application Networking Manager Context Directory Agent Identity Services Engine Software +8
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1226 MEDIUM This Month

The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Nx Os Nexus 7000 +3
NVD
CVSS 2.0
6.1
EPSS
0.5%
CVE-2013-1926 MEDIUM This Month

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Icedtea Web Ubuntu Linux Opensuse
NVD
CVSS 2.0
5.8
EPSS
0.9%
CVE-2013-1914 MEDIUM This Month

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Glibc
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2013-1944 MEDIUM This Month

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Curl Libcurl Ubuntu Linux
NVD GitHub
CVSS 2.0
5.0
EPSS
2.5%
CVE-2012-5221 MEDIUM This Month

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Color Laserjet 3000 Color Laserjet 3800 Color Laserjet 4700 +34
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2013-2015 MEDIUM PATCH This Month

The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1928 MEDIUM This Month

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1219 MEDIUM This Month

SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2). Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service Cisco Intrusion Prevention System
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-3302 MEDIUM This Month

Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service Linux Race Condition Linux Kernel
NVD GitHub
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-1227 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1198 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Computing System Software
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1216 MEDIUM This Month

Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Apple Cisco Ios Xr
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy