Skip to main content
CVE-2013-4810 CRITICAL POC KEV THREAT Emergency

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

HP Code Injection RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
89.6%
Threat
7.6
CVE-2013-4811 CRITICAL POC THREAT Emergency

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

HP RCE Identity Driven Manager Procurve Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.5%
Threat
6.0
CVE-2013-4812 CRITICAL POC THREAT Emergency

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.0%.

HP RCE Identity Driven Manager Procurve Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
74.0%
Threat
5.7
CVE-2013-4123 MEDIUM POC PATCH THREAT This Month

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.9%.

Denial Of Service Squid Opensuse
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
69.9%
Threat
4.6
CVE-2013-4341 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Moodle
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.7%
CVE-2013-4233 MEDIUM POC This Month

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Libmodplug Debian Linux
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2013-4234 MEDIUM POC This Month

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Libmodplug Debian Linux
NVD
CVSS 2.0
6.8
EPSS
3.1%
CVE-2013-4813 CRITICAL Act Now

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection HP RCE Identity Driven Manager Procurve Manager
NVD
CVSS 2.0
10.0
EPSS
6.4%
CVE-2013-5369 CRITICAL Act Now

IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection RCE Spss Analytical Decision Management
NVD
CVSS 2.0
9.3
EPSS
8.9%
CVE-2013-2256 MEDIUM POC PATCH This Month

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Nova
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-4049 HIGH This Week

Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE File Upload IBM Spss Analytical Decision Management
NVD
CVSS 2.0
8.5
EPSS
2.6%
CVE-2013-4179 MEDIUM POC PATCH This Month

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Havana Compute
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-1439 MEDIUM POC PATCH This Month

The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libraw
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5721 MEDIUM POC PATCH This Month

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4809 HIGH This Week

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Identity Driven Manager Procurve Manager
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-4182 HIGH PATCH This Week

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Openstack Foreman
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-5674 HIGH PATCH This Week

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE Moodle
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-4313 HIGH PATCH This Week

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Microsoft Moodle
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-1025 MEDIUM This Month

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1032 MEDIUM This Month

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +2
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-1026 MEDIUM This Month

Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-1027 MEDIUM PATCH This Month

Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Privilege Escalation Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-5494 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Meetingplace Unified Meetingplace Web Conferencing
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5496 MEDIUM This Month

Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 2.0
6.3
EPSS
0.2%
CVE-2013-2888 MEDIUM This Month

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or. Rated medium severity (CVSS 6.2). No vendor patch available.

Buffer Overflow Denial Of Service Linux RCE Linux Kernel
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-1028 MEDIUM This Month

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Iphone Os Mac Os X
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-6087 MEDIUM PATCH This Month

repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-1033 MEDIUM This Month

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-5650 MEDIUM This Month

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Ivanti Junos Pulse Secure Access Service Junos Pulse Access Control Service
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2013-2895 MEDIUM This Month

drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a. Rated medium severity (CVSS 5.4). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-4315 MEDIUM PATCH This Month

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4180 MEDIUM PATCH This Month

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openstack Foreman
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-4132 MEDIUM This Month

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kde Workspace Kde Sc Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-5751 MEDIUM This Month

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-5720 MEDIUM This Month

Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1029 MEDIUM This Month

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-2896 MEDIUM This Month

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2893 MEDIUM This Month

The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2892 MEDIUM This Month

drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2889 MEDIUM This Month

drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2894 MEDIUM This Month

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Lenovo Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2890 MEDIUM This Month

drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2891 MEDIUM This Month

drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1824 MEDIUM PATCH This Month

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PHP XXE Enterprise Linux Mac Os X
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2013-2897 MEDIUM This Month

Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2899 MEDIUM This Month

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-5718 MEDIUM PATCH This Month

The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-4202 MEDIUM PATCH This Month

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Cinder Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-1441 MEDIUM PATCH This Month

econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Exactimage
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5719 MEDIUM PATCH This Month

epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy