Skip to main content
CVE-2013-4342 HIGH POC THREAT Act Now

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.3%.

Privilege Escalation Xinetd Enterprise Linux
NVD GitHub
CVSS 2.0
7.6
EPSS
15.3%
CVE-2013-2240 HIGH POC PATCH This Week

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Gallery
NVD GitHub
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-4387 MEDIUM POC PATCH This Month

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.1
EPSS
0.6%
CVE-2013-4767 CRITICAL Act Now

Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eucalyptus
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-4221 HIGH PATCH This Week

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Restlet
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-2138 HIGH This Week

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD GitHub
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-4271 HIGH PATCH This Week

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Restlet
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-5526 HIGH This Week

Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2013-4396 MEDIUM PATCH This Month

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE X Org X11
NVD
CVSS 2.0
6.5
EPSS
2.0%
CVE-2013-5525 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Identity Services Engine Software
NVD
CVSS 2.0
6.5
EPSS
0.8%
CVE-2013-4351 MEDIUM This Month

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gnupg
NVD
CVSS 2.0
5.8
EPSS
1.3%
CVE-2013-4345 MEDIUM PATCH This Month

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Linux Information Disclosure Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-1881 MEDIUM This Month

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE Librsvg
NVD
CVSS 2.0
4.3
EPSS
7.8%
CVE-2013-5527 MEDIUM This Month

The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 2.0
5.7
EPSS
0.5%
CVE-2013-5499 MEDIUM This Month

The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID. Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Apple Cisco iOS
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2013-0577 MEDIUM This Month

The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle IBM Infosphere Optim Data Growth For Oracle E Business Suite
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-2241 MEDIUM PATCH This Month

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Gallery
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0580 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the. Rated medium severity (CVSS 4.9). No vendor patch available.

CSRF Oracle IBM Infosphere Optim Data Growth For Oracle E Business Suite
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5008 MEDIUM PATCH This Month

The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Management Platform
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-5524 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-5523 MEDIUM This Month

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0579 MEDIUM This Month

The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's. Rated medium severity (CVSS 4.3). No vendor patch available.

Privilege Escalation Oracle IBM Infosphere Optim Data Growth For Oracle E Business Suite
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3409 MEDIUM This Month

The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Central For Hosted Collaboration Solution
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy