Skip to main content
CVE-2013-5200 HIGH POC This Week

The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-4300 HIGH POC PATCH This Week

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-4777 MEDIUM POC This Month

A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Privilege Escalation Google Android Defy Xt
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-4350 MEDIUM POC PATCH This Month

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5586 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Wikkawiki
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-5118 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple XSS Good For Enterprise
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5634 MEDIUM POC PATCH This Month

arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or. Rated medium severity (CVSS 4.3). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5934 MEDIUM POC This Month

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2140 LOW POC PATCH Monitor

The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data. Rated low severity (CVSS 3.8). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
3.8
EPSS
0.1%
CVE-2013-4343 MEDIUM This Month

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap. Rated medium severity (CVSS 6.9). No vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5933 MEDIUM This Month

Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Denial Of Service Google Android Defy Xt
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-1060 MEDIUM This Month

A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Linux Ubuntu Ubuntu Linux
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-5373 MEDIUM This Month

The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation IBM Rational Clearcase
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-5937 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Click2Sell Suite Module
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-4086 MEDIUM This Month

A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Cisco Unified Computing System
NVD
CVSS 2.0
5.1
EPSS
0.6%
CVE-2013-5750 MEDIUM PATCH This Month

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Fosuserbundle
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-5938 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Click2Sell Suite Module
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5936 MEDIUM This Month

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5935 MEDIUM This Month

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4024 MEDIUM This Month

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Data Studio Web Console Db2 Recovery Expert Infosphere Optim Configuration Manager +1
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4022 LOW Monitor

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Data Studio Web Console Db2 Recovery Expert Infosphere Optim Configuration Manager +1
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2013-4025 LOW Monitor

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation IBM Data Studio Web Console Db2 Recovery Expert Infosphere Optim Configuration Manager +1
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy