Skip to main content
CVE-2013-1892 MEDIUM POC THREAT This Month

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.5%.

Denial Of Service RCE MongoDB Enterprise Mrg
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
53.5%
Threat
4.3
CVE-2013-5745 HIGH POC THREAT Act Now

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.7%.

Denial Of Service Vino Ubuntu Linux
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
18.7%
CVE-2013-4042 CRITICAL Act Now

Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

RCE IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
10.0
EPSS
19.2%
CVE-2013-5370 CRITICAL Act Now

Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

RCE IBM Spss Collaboration And Deployment Services
NVD
CVSS 2.0
10.0
EPSS
16.6%
CVE-2013-3969 MEDIUM POC This Month

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE MongoDB
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
8.2%
CVE-2013-3688 HIGH POC This Week

The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service TP-Link Tl Sc3130 Tl Sc3130G +3
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2013-3539 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Airlive Wl2600Cam Snc Ch140 Snc Ch180 Snc Ch240 +7
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-3690 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF 100Ap Device Firmware Fb 100Ap Md 100Ap Ob 100Ae +3
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-3963 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Gxv Device Firmware Gxv3500 Gxv3501 Gxv3504 +7
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5572 LOW POC Monitor

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Zabbix
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
7.8%
CVE-2013-5725 MEDIUM POC This Month

The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Byword
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-5627 MEDIUM POC PATCH This Month

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Oracle MySQL MariaDB
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
3.9%
CVE-2013-5395 HIGH This Week

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-2231 HIGH This Week

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Microsoft Enterprise Linux Enterprise Linux Desktop Supplementary +2
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-3323 MEDIUM This Month

IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-5381 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-4021 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-3047 MEDIUM This Month

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2013-0451 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-3973 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4017 MEDIUM This Month

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-4027 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-5516 MEDIUM This Month

The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Telepresence Multipoint Switch
NVD
CVSS 2.0
6.3
EPSS
0.5%
CVE-2012-4096 MEDIUM This Month

The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-4018 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2012-2125 MEDIUM PATCH This Month

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Rubygems
NVD GitHub
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-4210 MEDIUM This Month

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform +1
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-2269 MEDIUM This Month

The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Aruba Clearpass Clearpass Guest
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-4013 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3278 MEDIUM This Month

EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Geosynchrony Vplex Geo Vplex Local Vplex Metro
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5580 MEDIUM PATCH This Month

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Ngircd
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-5975 MEDIUM This Month

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5976 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Big Ip Access Policy Manager
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4014 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2126 MEDIUM PATCH This Month

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Rubygems
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3964 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Samsung XSS Shr 5082 Shr 5162
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3962 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Gxv Device Firmware Gxv3500 Gxv3501 Gxv3504 +7
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3041 MEDIUM This Month

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Rational Clearquest
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5383 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5382 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4708 MEDIUM This Month

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Seil 2Fx1 Firmware Seil X1 Seil 2Fb1 Firmware Seil B1 +8
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3972 MEDIUM This Month

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4020 MEDIUM This Month

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3971 MEDIUM This Month

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3049 MEDIUM This Month

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4019 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-3048 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4361 LOW Monitor

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2013 LOW PATCH Monitor

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Python Keystoneclient
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-5380 LOW Monitor

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 2.0
2.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy