Skip to main content
CVE-2013-4397 MEDIUM POC This Month

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Enterprise Linux Libtar
NVD
CVSS 2.0
6.8
EPSS
4.3%
CVE-2013-2254 MEDIUM POC PATCH This Month

The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Apache Java Org Apache Sling Servlets Post
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4389 MEDIUM POC PATCH This Month

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Rails Opensuse Debian Linux
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-6013 MEDIUM This Month

Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Juniper RCE Junos
NVD
CVSS 2.0
6.8
EPSS
5.9%
CVE-2013-0500 MEDIUM This Month

IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Storwize V7000 Unified Software Storwize V7000 Unified
NVD
CVSS 2.0
5.4
EPSS
0.4%
CVE-2013-4689 MEDIUM This Month

J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Juniper Junos
NVD
CVSS 2.0
5.1
EPSS
0.1%
CVE-2013-4287 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Enterprise Linux Rubygems Ruby
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2013-4370 MEDIUM This Month

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Xen
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-6170 MEDIUM This Month

Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6015 MEDIUM This Month

Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4363 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Rubygems Ruby
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4371 MEDIUM This Month

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service RCE Xen
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-6169 MEDIUM This Month

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ejabberd
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5376 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Storwize V7000 Unified Software Storwize V7000 Unified
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3025 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Rational Focal Point
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy