Skip to main content
CVE-2013-3356 CRITICAL PATCH Act Now

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.0%.

Buffer Overflow Adobe Microsoft RCE Acrobat +1
NVD
CVSS 2.0
10.0
EPSS
44.0%
CVE-2013-3353 CRITICAL PATCH Act Now

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.0%.

Buffer Overflow Adobe Microsoft RCE Acrobat Reader +1
NVD
CVSS 2.0
10.0
EPSS
44.0%
CVE-2013-3351 CRITICAL PATCH Act Now

Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 42.5%.

Buffer Overflow Adobe Microsoft RCE Acrobat Reader +1
NVD
CVSS 2.0
10.0
EPSS
42.5%
CVE-2013-3358 CRITICAL PATCH Act Now

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 37.5%.

Adobe Microsoft RCE Acrobat Acrobat Reader
NVD
CVSS 2.0
10.0
EPSS
37.5%
CVE-2013-3357 CRITICAL PATCH Act Now

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 37.5%.

Adobe Microsoft RCE Acrobat Acrobat Reader
NVD
CVSS 2.0
10.0
EPSS
37.5%
CVE-2013-3360 CRITICAL PATCH Act Now

Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 26.1%.

Buffer Overflow Adobe Denial Of Service RCE Shockwave Player
NVD
CVSS 2.0
10.0
EPSS
26.1%
CVE-2013-3355 CRITICAL PATCH Act Now

Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 26.1%.

Denial Of Service Buffer Overflow Adobe Microsoft RCE +2
NVD
CVSS 2.0
10.0
EPSS
26.1%
CVE-2013-3354 CRITICAL PATCH Act Now

Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 26.1%.

Denial Of Service Buffer Overflow Adobe Microsoft RCE +2
NVD
CVSS 2.0
10.0
EPSS
26.1%
CVE-2013-3352 CRITICAL PATCH Act Now

Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 26.1%.

Denial Of Service Buffer Overflow Adobe Microsoft RCE +2
NVD
CVSS 2.0
10.0
EPSS
26.1%
CVE-2013-4338 HIGH POC PATCH This Week

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Deserialization Code Injection RCE
NVD
CVSS 2.0
7.5
EPSS
9.6%
CVE-2013-5324 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.5%.

Google Denial Of Service Buffer Overflow Adobe Microsoft +4
NVD
CVSS 2.0
10.0
EPSS
11.5%
CVE-2013-3363 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.5%.

Google Denial Of Service Buffer Overflow Adobe Microsoft +4
NVD
CVSS 2.0
10.0
EPSS
11.5%
CVE-2013-3362 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.5%.

Google Denial Of Service Buffer Overflow Adobe Microsoft +4
NVD
CVSS 2.0
10.0
EPSS
11.5%
CVE-2013-3361 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.5%.

Google Denial Of Service Buffer Overflow Adobe Microsoft +4
NVD
CVSS 2.0
10.0
EPSS
11.5%
CVE-2013-3359 CRITICAL PATCH Act Now

Adobe Shockwave Player before 12.0.4.144 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Buffer Overflow Adobe Denial Of Service RCE Shockwave Player
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2013-4339 HIGH POC PATCH This Week

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress Authentication Bypass
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-2940 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2939 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2938 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2937 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2936 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2935 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2934 CRITICAL Act Now

Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2933 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-5216 MEDIUM POC PATCH This Month

Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Performance Guard
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4340 LOW POC PATCH Monitor

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

WordPress Privilege Escalation PHP
NVD
CVSS 2.0
3.5
EPSS
1.0%
CVE-2013-5723 HIGH This Week

SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-2601 HIGH This Week

The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenclient Xt
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-5739 LOW POC PATCH Monitor

The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

WordPress PHP XSS
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5740 MEDIUM This Month

Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202,. Rated medium severity (CVSS 6.9). No vendor patch available.

Intel Authentication Bypass C202 Chipset C204 Chipset C206 Chipset +7
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-4329 MEDIUM PATCH This Month

The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows. Rated medium severity (CVSS 6.5).

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-3446 MEDIUM This Month

Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Cisco Digital Media Manager
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-3038 MEDIUM This Month

Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. Rated medium severity (CVSS 5.4). No vendor patch available.

IBM Authentication Bypass Rational Requirements Composer
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2013-3039 MEDIUM This Month

IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. Rated medium severity (CVSS 5.4). No vendor patch available.

IBM Authentication Bypass Rational Requirements Composer
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-5488 MEDIUM This Month

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Lan Management Solution Security Manager Unified Operations Manager +1
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-3036 MEDIUM This Month

Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Rational Requirements Composer
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5738 MEDIUM PATCH This Month

The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

WordPress PHP XSS
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-3037 MEDIUM This Month

Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation IBM Rational Requirements Composer
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-4308 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Liquidthreads
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4307 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Mediawiki
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5724 LOW Monitor

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Debian Phpbb3
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy