Skip to main content
CVE-2013-3597 MEDIUM POC THREAT This Month

servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.4%.

Information Disclosure Searchblox
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
38.4%
CVE-2013-3585 MEDIUM POC THREAT This Month

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Samsung Authentication Bypass Smart Viewer
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.3%
CVE-2013-5018 MEDIUM POC This Month

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Strongswan Opensuse
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2013-2035 MEDIUM POC PATCH This Month

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary. Rated medium severity (CVSS 4.4). Public exploit code available.

Code Injection Java RCE Hawtjni
NVD GitHub
CVSS 2.0
4.4
EPSS
0.0%
CVE-2013-3590 MEDIUM This Month

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

File Upload RCE Searchblox
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2013-3583 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Epm Suite
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-2123 MEDIUM PATCH This Month

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Privilege Escalation Nodeaccess Userreference Module
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-4111 MEDIUM PATCH This Month

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Glanceclient Opensuse
NVD GitHub
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-2212 MEDIUM This Month

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2013-2077 MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-3598 MEDIUM This Month

Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Searchblox
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-2178 MEDIUM This Month

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Fail2Ban
NVD GitHub
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-4139 MEDIUM PATCH This Month

The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Stage File Proxy
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-3271 MEDIUM This Month

EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rsa Authentication Agent
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4033 MEDIUM This Month

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Db2 Db2 Connect
NVD
CVSS 2.0
4.6
EPSS
1.0%
CVE-2013-3495 MEDIUM This Month

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Intel Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-3584 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allows remote attackers to inject arbitrary web script or HTML via the customerId parameter to an unspecified component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Epm Suite
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2197 MEDIUM PATCH This Month

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Login Security
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4272 MEDIUM PATCH This Month

The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Botcha
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-2076 MEDIUM This Month

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to. Rated medium severity (CVSS 4.3). No vendor patch available.

Intel Information Disclosure Xen
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-4039 MEDIUM This Month

IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Extended Deployment Compute Grid
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy