Skip to main content
CVE-2013-4011 HIGH POC Act Now

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure IBM Aix Vios
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
8.5%
CVE-2013-1606 HIGH POC THREAT Act Now

Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.8%.

Buffer Overflow RCE Ubiquiti Airvision Firmware Aircam +2
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
21.8%
CVE-2013-4878 HIGH POC THREAT Act Now

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Privilege Escalation RCE Parallels Plesk Panel Parallels Small Business Panel
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
13.9%
CVE-2013-4781 CRITICAL Act Now

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Siemens Command Injection Openscape Session Border Controller Enterprise Openscape Branch
NVD
CVSS 2.0
10.0
EPSS
3.8%
CVE-2012-6349 CRITICAL Act Now

Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Keyview Idol Lotus Notes
NVD
CVSS 2.0
9.3
EPSS
6.3%
CVE-2013-3411 HIGH This Week

The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Intrusion Prevention System Idsm 2
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-3410 HIGH This Week

Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Intrusion Prevention System Ips Nme
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-1243 HIGH This Week

The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Asa 5500 X Series Ips Ssp Software Intrusion Prevention System +7
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-1218 HIGH This Week

Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Asa 5500 X Series Ips Ssp Software Intrusion Prevention System +7
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-4780 HIGH This Week

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Siemens Information Disclosure Openscape Session Border Controller Enterprise Openscape Branch
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-4778 HIGH This Week

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Siemens Information Disclosure Openscape Session Border Controller Enterprise Openscape Branch
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-3404 HIGH This Week

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3665 MEDIUM PATCH This Month

Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

RCE Autocad Autocad Architecture Autocad Civil 3D Autocad Ecscad +10
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-4872 MEDIUM This Month

Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Google Glass
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-3434 MEDIUM This Month

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-3403 MEDIUM This Month

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3420 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Identity Services Engine Software Identity Services Engine
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3433 MEDIUM This Month

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3402 MEDIUM This Month

An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cisco RCE Unified Communications Manager
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2013-3412 MEDIUM This Month

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Manager
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4874 MEDIUM This Month

The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to. Rated medium severity (CVSS 6.2). No vendor patch available.

Authentication Bypass Wireless Network Extender
NVD
CVSS 2.0
6.2
EPSS
0.6%
CVE-2013-4876 MEDIUM This Month

The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a. Rated medium severity (CVSS 6.2). No vendor patch available.

Authentication Bypass Wireless Network Extender
NVD
CVSS 2.0
6.2
EPSS
0.3%
CVE-2013-4875 MEDIUM This Month

The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI. Rated medium severity (CVSS 6.2). No vendor patch available.

Authentication Bypass Wireless Network Extender
NVD
CVSS 2.0
6.2
EPSS
0.2%
CVE-2013-4668 MEDIUM PATCH This Month

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal File Roller Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-4873 MEDIUM PATCH This Month

The Yahoo!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apple Authentication Bypass Tumblr
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-3426 MEDIUM This Month

The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4779 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP Siemens XSS Openscape Session Border Controller Enterprise Openscape Branch
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4877 LOW Monitor

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and. Rated low severity (CVSS 2.6). No vendor patch available.

Authentication Bypass Wireless Network Extender
NVD
CVSS 2.0
2.6
EPSS
0.9%
CVE-2013-4869 LOW Monitor

Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across. Rated remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy