Skip to main content
CVE-2013-4387 MEDIUM POC PATCH This Month

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet,. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.1
EPSS
0.6%
CVE-2013-4396 MEDIUM PATCH This Month

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE X Org X11
NVD
CVSS 2.0
6.5
EPSS
2.0%
CVE-2013-5525 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Identity Services Engine Software
NVD
CVSS 2.0
6.5
EPSS
0.8%
CVE-2013-4351 MEDIUM This Month

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gnupg
NVD
CVSS 2.0
5.8
EPSS
1.3%
CVE-2013-4345 MEDIUM PATCH This Month

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Linux Information Disclosure Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-1881 MEDIUM This Month

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE Librsvg
NVD
CVSS 2.0
4.3
EPSS
7.8%
CVE-2013-5527 MEDIUM This Month

The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Apple Cisco iOS Ios Xe
NVD
CVSS 2.0
5.7
EPSS
0.5%
CVE-2013-5499 MEDIUM This Month

The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID. Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Apple Cisco iOS
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2013-0577 MEDIUM This Month

The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle IBM Infosphere Optim Data Growth For Oracle E Business Suite
NVD
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-2241 MEDIUM PATCH This Month

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Gallery
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-0580 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the. Rated medium severity (CVSS 4.9). No vendor patch available.

CSRF Oracle IBM Infosphere Optim Data Growth For Oracle E Business Suite
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5008 MEDIUM PATCH This Month

The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Management Platform
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2013-5524 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-5523 MEDIUM This Month

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Identity Services Engine Software
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0579 MEDIUM This Month

The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's. Rated medium severity (CVSS 4.3). No vendor patch available.

Privilege Escalation Oracle IBM Infosphere Optim Data Growth For Oracle E Business Suite
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3409 MEDIUM This Month

The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Prime Central For Hosted Collaboration Solution
NVD
CVSS 2.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy