Skip to main content
CVE-2013-4295 MEDIUM POC PATCH THREAT This Month

The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.0%.

PHP Apache Information Disclosure XXE Shindig
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
17.0%
CVE-2013-1734 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Bugzilla
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-1733 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Bugzilla
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6246 MEDIUM POC This Month

The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dell Quest One Password Manager
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.0%
CVE-2013-4299 MEDIUM POC PATCH This Month

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
6.0
EPSS
0.8%
CVE-2013-1743 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Bugzilla
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-1742 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Bugzilla
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-5170 MEDIUM This Month

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-5168 MEDIUM This Month

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5143 MEDIUM This Month

The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Os X Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-5175 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2013-5165 MEDIUM This Month

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-3244 MEDIUM This Month

Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection SAP RCE Erp Central Component
NVD
CVSS 2.0
6.0
EPSS
1.1%
CVE-2013-4390 MEDIUM PATCH This Month

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Open Redirect XSS Sling Sling Auth Core Component
NVD
CVSS 2.0
5.8
EPSS
1.3%
CVE-2013-5189 MEDIUM This Month

Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-5184 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash). Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2013-6244 MEDIUM This Month

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-5536 MEDIUM This Month

Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Access Control System
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-5130 MEDIUM This Month

WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5178 MEDIUM This Month

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5167 MEDIUM This Month

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5182 MEDIUM This Month

Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-5166 MEDIUM This Month

The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5192 MEDIUM This Month

The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5177 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5176 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5174 MEDIUM This Month

Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5181 MEDIUM This Month

The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5136 MEDIUM This Month

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Apple Remote Desktop
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5180 MEDIUM This Month

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5190 MEDIUM This Month

Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5185 MEDIUM This Month

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-5188 MEDIUM This Month

The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically. Rated medium severity (CVSS 4.0). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy