Skip to main content
CVE-2013-3897 HIGH POC KEV PATCH THREAT Act Now

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service RCE Microsoft +1
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
88.2%
Threat
7.4
CVE-2013-3896 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
81.6%
Threat
6.5
CVE-2013-5576 MEDIUM POC PATCH THREAT This Month

administrator/components/com_media/helpers/media.php in the media manager in Joomla!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 52.1%.

PHP Authentication Bypass Joomla
NVD Exploit-DB GitHub
CVSS 2.0
6.8
EPSS
52.1%
Threat
4.4
CVE-2013-3861 HIGH Act Now

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 78.4% and no vendor patch available.

Denial Of Service Microsoft Net Framework
NVD
CVSS 2.0
7.8
EPSS
78.4%
CVE-2013-3195 CRITICAL PATCH Act Now

The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.0%.

Microsoft RCE Windows 7 Windows 8 Windows Rt +5
NVD
CVSS 2.0
10.0
EPSS
63.0%
CVE-2013-3889 CRITICAL Emergency

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 65.0% and no vendor patch available.

Buffer Overflow Microsoft RCE Excel Excel Viewer +5
NVD
CVSS 2.0
9.3
EPSS
65.0%
CVE-2013-3128 CRITICAL PATCH Act Now

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.8%.

Microsoft RCE Windows 7 Windows 8 Windows Rt +6
NVD
CVSS 2.0
9.3
EPSS
57.8%
CVE-2013-3860 HIGH Act Now

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.8% and no vendor patch available.

Denial Of Service Microsoft Net Framework
NVD
CVSS 2.0
7.8
EPSS
63.8%
CVE-2013-3892 CRITICAL Emergency

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Word
NVD
CVSS 2.0
9.3
EPSS
53.2%
CVE-2013-3891 CRITICAL Emergency

Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Word
NVD
CVSS 2.0
9.3
EPSS
53.2%
CVE-2013-3890 CRITICAL Emergency

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Excel Excel Viewer +1
NVD
CVSS 2.0
9.3
EPSS
53.2%
CVE-2013-5967 HIGH POC THREAT Act Now

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

PHP SQLi Open Source Security Information Management
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
35.3%
Threat
4.1
CVE-2013-3881 HIGH POC THREAT Act Now

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability.". Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

Information Disclosure Microsoft Windows 7
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
17.7%
CVE-2012-4412 HIGH POC THREAT Act Now

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.7%.

Buffer Overflow Denial Of Service RCE Glibc
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
18.7%
CVE-2013-3871 CRITICAL Act Now

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 25.8% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
25.8%
CVE-2013-3874 CRITICAL Act Now

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.6% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
24.6%
CVE-2013-3873 CRITICAL Act Now

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.6% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
24.6%
CVE-2013-3886 CRITICAL Act Now

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
22.3%
CVE-2013-3885 CRITICAL Act Now

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
22.3%
CVE-2013-3882 CRITICAL Act Now

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
22.3%
CVE-2013-3875 CRITICAL Act Now

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
22.3%
CVE-2013-3894 HIGH Act Now

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 27.0% and no vendor patch available.

Code Injection Microsoft RCE Windows 7 Windows 8 +6
NVD
CVSS 3.1
8.1
EPSS
27.0%
CVE-2013-3872 CRITICAL Act Now

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
20.2%
CVE-2013-3895 MEDIUM This Month

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 32.2% and no vendor patch available.

Privilege Escalation Microsoft Office Web Apps Sharepoint Server
NVD
CVSS 2.0
6.8
EPSS
32.2%
CVE-2013-5327 CRITICAL PATCH Act Now

MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.8%.

Buffer Overflow Adobe Denial Of Service RCE Robohelp
NVD
CVSS 2.0
10.0
EPSS
10.8%
CVE-2013-4258 HIGH POC This Week

Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Network Audio System
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-5325 CRITICAL Act Now

Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Microsoft Adobe RCE Acrobat +1
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2012-4424 MEDIUM POC This Month

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Glibc
NVD
CVSS 2.0
5.1
EPSS
0.6%
CVE-2013-4256 MEDIUM POC PATCH This Month

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Ubuntu Linux Network Audio System
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2013-4332 MEDIUM POC PATCH This Month

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Glibc Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2013-3888 HIGH This Week

dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2008 Windows Vista
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2013-4385 HIGH PATCH This Week

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE Chicken
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2013-3880 LOW Monitor

The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Epss exploitation probability 20.3% and no vendor patch available.

Privilege Escalation Microsoft Windows 8 Windows Rt Windows Server 2012
NVD
CVSS 2.0
3.5
EPSS
20.3%
CVE-2013-3200 HIGH This Week

The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Microsoft RCE Windows 7 Windows 8 +6
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2013-3879 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows 8 Windows Rt +5
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2013-4237 MEDIUM PATCH This Month

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE Glibc
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-0736 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress XSS Mingle Forum
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-4379 MEDIUM PATCH This Month

The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Make Meeting Scheduler Module
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4356 MEDIUM This Month

Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-2099 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Denial Of Service Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
5.2%
CVE-2013-4284 MEDIUM This Month

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Mrg
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4384 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google XSS Google Site Search Module
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2207 LOW PATCH Monitor

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to. Rated low severity (CVSS 2.6).

Privilege Escalation Glibc Fedora
NVD
CVSS 2.0
2.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy