Skip to main content
CVE-2013-4342 HIGH POC THREAT Act Now

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.3%.

Privilege Escalation Xinetd Enterprise Linux
NVD GitHub
CVSS 2.0
7.6
EPSS
15.3%
CVE-2013-2240 HIGH POC PATCH This Week

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Gallery
NVD GitHub
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-4221 HIGH PATCH This Week

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Java RCE Restlet
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-2138 HIGH This Week

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gallery
NVD GitHub
CVSS 2.0
7.5
EPSS
1.2%
CVE-2013-4271 HIGH PATCH This Week

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java Restlet
NVD GitHub VulDB
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-5526 HIGH This Week

Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
7.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy