Skip to main content
CVE-2013-4397 MEDIUM POC This Month

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Enterprise Linux Libtar
NVD
CVSS 2.0
6.8
EPSS
4.3%
CVE-2013-2254 MEDIUM POC PATCH This Month

The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Apache Java Org Apache Sling Servlets Post
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4365 HIGH PATCH This Week

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Mod Fcgid Debian Linux +3
NVD
CVSS 2.0
7.5
EPSS
6.7%
CVE-2013-4389 MEDIUM POC PATCH This Month

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Rails Opensuse Debian Linux
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-6013 MEDIUM This Month

Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Juniper RCE Junos
NVD
CVSS 2.0
6.8
EPSS
5.9%
CVE-2013-2190 LOW POC Monitor

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Clutter Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0500 MEDIUM This Month

IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Storwize V7000 Unified Software Storwize V7000 Unified
NVD
CVSS 2.0
5.4
EPSS
0.4%
CVE-2013-4689 MEDIUM This Month

J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Juniper Junos
NVD
CVSS 2.0
5.1
EPSS
0.1%
CVE-2013-4287 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Enterprise Linux Rubygems Ruby
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2013-4370 MEDIUM This Month

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-6170 MEDIUM This Month

Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6015 MEDIUM This Month

Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4363 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Rubygems Ruby
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4371 MEDIUM This Month

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-6169 MEDIUM This Month

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejabberd
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5376 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Storwize V7000 Unified Software Storwize V7000 Unified
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3025 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Rational Focal Point
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4368 LOW Monitor

The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4369 LOW Monitor

The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy