Skip to main content
CVE-2013-3896 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
81.6%
Threat
6.5
CVE-2013-5576 MEDIUM POC PATCH THREAT This Month

administrator/components/com_media/helpers/media.php in the media manager in Joomla!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 52.1%.

PHP Authentication Bypass Joomla
NVD Exploit-DB GitHub
CVSS 2.0
6.8
EPSS
52.1%
Threat
4.4
CVE-2013-3895 MEDIUM This Month

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 32.2% and no vendor patch available.

Privilege Escalation Microsoft Office Web Apps Sharepoint Server
NVD
CVSS 2.0
6.8
EPSS
32.2%
CVE-2012-4424 MEDIUM POC This Month

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Glibc
NVD
CVSS 2.0
5.1
EPSS
0.6%
CVE-2013-4256 MEDIUM POC PATCH This Month

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service RCE Ubuntu Linux Network Audio System
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2013-4332 MEDIUM POC PATCH This Month

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Glibc Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2013-4237 MEDIUM PATCH This Month

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE Glibc
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-0736 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress XSS Mingle Forum
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-4379 MEDIUM PATCH This Month

The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Make Meeting Scheduler Module
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4356 MEDIUM This Month

Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-2099 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Denial Of Service Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
5.2%
CVE-2013-4284 MEDIUM This Month

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Mrg
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-4384 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google XSS Google Site Search Module
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy