Skip to main content
CVE-2013-3597 MEDIUM POC THREAT This Month

servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.4%.

Information Disclosure Searchblox
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
38.4%
CVE-2013-3586 HIGH POC This Week

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Smart Viewer Dvr
NVD Exploit-DB
CVSS 2.0
7.6
EPSS
7.8%
CVE-2013-3582 HIGH POC This Week

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Dell Latitude D530 Latitude D531 Latitude D630 +19
NVD
CVSS 2.0
7.6
EPSS
0.8%
CVE-2013-3585 MEDIUM POC THREAT This Month

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Samsung Authentication Bypass Smart Viewer
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.3%
CVE-2013-2782 CRITICAL Act Now

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Schneider Electric Information Disclosure Tburjr900 Tburjr900 Firmware
NVD
CVSS 2.0
9.3
EPSS
0.3%
CVE-2013-5018 MEDIUM POC This Month

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Strongswan Opensuse
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2013-2035 MEDIUM POC PATCH This Month

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary. Rated medium severity (CVSS 4.4). Public exploit code available.

Code Injection Java RCE Hawtjni
NVD GitHub
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-2353 HIGH This Week

Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Storeonce D2D
NVD
CVSS 2.0
7.8
EPSS
1.4%
CVE-2013-2247 HIGH PATCH This Week

The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Fast Permission Administration
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3590 MEDIUM This Month

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Searchblox
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2013-1432 HIGH PATCH This Week

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service. Rated high severity (CVSS 7.4).

Denial Of Service Xen
NVD
CVSS 2.0
7.4
EPSS
0.4%
CVE-2013-2072 HIGH This Week

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of. Rated high severity (CVSS 7.4). No vendor patch available.

Python Buffer Overflow Denial Of Service Xen Debian Linux
NVD
CVSS 2.0
7.4
EPSS
0.4%
CVE-2013-2211 HIGH This Week

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest. Rated high severity (CVSS 7.4). No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
7.4
EPSS
0.2%
CVE-2013-2176 HIGH This Week

Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Microsoft Enterprise Virtualization
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-3077 HIGH PATCH This Week

Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Buffer Overflow Freebsd
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-2804 HIGH This Week

The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Top Server
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-3583 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Epm Suite
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4274 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available.

XSS Password Policy
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-2123 MEDIUM PATCH This Month

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Nodeaccess Userreference Module
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-4111 MEDIUM PATCH This Month

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Glanceclient Opensuse
NVD GitHub
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-2212 MEDIUM This Month

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2013-2077 MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-3598 MEDIUM This Month

Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Searchblox
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-2178 MEDIUM This Month

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Fail2Ban
NVD GitHub
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-4139 MEDIUM PATCH This Month

The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Stage File Proxy
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-3271 MEDIUM This Month

EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rsa Authentication Agent
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4033 MEDIUM This Month

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Db2 Db2 Connect
NVD
CVSS 2.0
4.6
EPSS
1.0%
CVE-2013-3495 MEDIUM This Month

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Intel Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-3584 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allows remote attackers to inject arbitrary web script or HTML via the customerId parameter to an unspecified component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Epm Suite
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2197 MEDIUM PATCH This Month

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Login Security
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4272 MEDIUM PATCH This Month

The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Botcha
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-2076 MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to. Rated medium severity (CVSS 4.3). No vendor patch available.

Intel Information Disclosure Xen
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-4039 MEDIUM This Month

IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Extended Deployment Compute Grid
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-4138 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Hatch
NVD
CVSS 2.0
2.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy