Skip to main content
CVE-2013-5979 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.8%.

PHP Java Path Traversal Xibo
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
34.8%
CVE-2013-2922 MEDIUM This Month

Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-2921 MEDIUM This Month

Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-2913 MEDIUM This Month

Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-2911 MEDIUM This Month

Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-2906 MEDIUM This Month

Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Denial Of Service Race Condition Chrome
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-2914 MEDIUM This Month

Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Microsoft Chrome
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2012-4103 MEDIUM This Month

ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4111 MEDIUM This Month

The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4110 MEDIUM This Month

run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4109 MEDIUM This Month

The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4102 MEDIUM This Month

The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2012-4104 MEDIUM This Month

Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary. Rated medium severity (CVSS 6.6). No vendor patch available.

Path Traversal Cisco Unified Computing System
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2013-4067 MEDIUM This Month

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Infosphere Information Server
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-5517 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Unified Communications Domain Manager
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2012-4095 MEDIUM This Month

The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key. Rated medium severity (CVSS 5.5). No vendor patch available.

Information Disclosure Cisco Unified Computing System
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2013-2920 MEDIUM This Month

The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2013-2907 MEDIUM This Month

The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-2917 MEDIUM This Month

The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-4032 MEDIUM This Month

The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-2908 MEDIUM This Month

Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2916 MEDIUM This Month

Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2915 MEDIUM This Month

Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4066 MEDIUM This Month

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy