Skip to main content
CVE-2013-4123 MEDIUM POC PATCH THREAT This Month

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.9%.

Denial Of Service Squid Opensuse
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
69.9%
Threat
4.6
CVE-2013-4341 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Moodle
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.7%
CVE-2013-4233 MEDIUM POC This Month

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Libmodplug Debian Linux
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2013-4234 MEDIUM POC This Month

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Libmodplug Debian Linux
NVD
CVSS 2.0
6.8
EPSS
3.1%
CVE-2013-2256 MEDIUM POC PATCH This Month

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Nova
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-4179 MEDIUM POC PATCH This Month

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Havana Compute
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-1439 MEDIUM POC PATCH This Month

The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libraw
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5721 MEDIUM POC PATCH This Month

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1025 MEDIUM This Month

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1032 MEDIUM This Month

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +2
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-1026 MEDIUM This Month

Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-1027 MEDIUM PATCH This Month

Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Privilege Escalation Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-5494 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Meetingplace Unified Meetingplace Web Conferencing
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5496 MEDIUM This Month

Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 2.0
6.3
EPSS
0.2%
CVE-2013-2888 MEDIUM This Month

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or. Rated medium severity (CVSS 6.2). No vendor patch available.

Buffer Overflow Denial Of Service Linux RCE Linux Kernel
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-1028 MEDIUM This Month

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Iphone Os Mac Os X
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-6087 MEDIUM PATCH This Month

repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-1033 MEDIUM This Month

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-5650 MEDIUM This Month

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Ivanti Junos Pulse Secure Access Service Junos Pulse Access Control Service
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2013-2895 MEDIUM This Month

drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a. Rated medium severity (CVSS 5.4). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-4315 MEDIUM PATCH This Month

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4180 MEDIUM PATCH This Month

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openstack Foreman
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-4132 MEDIUM This Month

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kde Workspace Kde Sc Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-5751 MEDIUM This Month

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-5720 MEDIUM This Month

Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1029 MEDIUM This Month

The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-2896 MEDIUM This Month

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2893 MEDIUM This Month

The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2892 MEDIUM This Month

drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2889 MEDIUM This Month

drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2894 MEDIUM This Month

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Lenovo Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2890 MEDIUM This Month

drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2891 MEDIUM This Month

drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1824 MEDIUM PATCH This Month

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PHP XXE Enterprise Linux Mac Os X
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2013-2897 MEDIUM This Month

Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2899 MEDIUM This Month

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-5718 MEDIUM PATCH This Month

The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-4202 MEDIUM PATCH This Month

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Cinder Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-1441 MEDIUM PATCH This Month

econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Exactimage
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5719 MEDIUM PATCH This Month

epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5722 MEDIUM This Month

Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4181 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Enterprise Virtualization
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5495 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Unified Meetingplace
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4704 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Chamacargo
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4047 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Spss Analytical Decision Management
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5717 MEDIUM PATCH This Month

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Wireshark
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy