Skip to main content
CVE-2013-1896 MEDIUM POC THREAT This Month

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

Denial Of Service Apache Http Server Jboss Enterprise Application Platform Enterprise Linux Desktop +7
NVD
CVSS 2.0
4.3
EPSS
38.6%
CVE-2013-3166 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.0%.

Microsoft XSS Internet Explorer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.0%
CVE-2013-1954 MEDIUM POC This Month

The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Vlc Media Player
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2013-3245 MEDIUM POC This Month

plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Vlc Media Player
NVD
CVSS 3.1
6.3
EPSS
1.9%
CVE-2012-5855 MEDIUM POC This Month

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Vlc Media Player
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3154 MEDIUM This Month

The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Defender Windows 7 Windows Server 2008
NVD
CVSS 2.0
6.9
EPSS
3.8%
CVE-2013-2853 MEDIUM This Month

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-3400 MEDIUM This Month

The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Nx Os Nexus 1000V
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-3408 MEDIUM This Month

The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands,. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Virtualization Experience Client 6000 Series Firmware Virtualization Experience Client 6000 Virtualization Experience Client 6215
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2786 MEDIUM This Month

Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.6). No vendor patch available.

Privilege Escalation Micom S1 Agile Micom S1 Studio
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2013-2879 MEDIUM This Month

Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome Debian Linux
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-2875 MEDIUM This Month

core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-2878 MEDIUM This Month

Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-3349 MEDIUM This Month

Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Denial Of Service Coldfusion
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-2877 MEDIUM This Month

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome Libxml2
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2868 MEDIUM This Month

common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2876 MEDIUM This Month

browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2872 MEDIUM This Month

Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-3172 MEDIUM This Month

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Microsoft Windows 7 Windows Server 2003 +3
NVD
CVSS 2.0
4.9
EPSS
0.4%
CVE-2013-2869 MEDIUM This Month

Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-3579 MEDIUM This Month

The Lookout Mobile Security application before 8.17-8a39d3f for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Lookout Security Antivirus
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-3405 MEDIUM This Month

The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Telepresence Tc Software
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-1132 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Communications Domain Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3416 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Operations Manager Unified Service Monitor
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2874 MEDIUM This Month

Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Nvidia Google Microsoft Chrome
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy