Skip to main content
CVE-2013-6282 HIGH POC KEV PATCH THREAT Act Now

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Google Linux
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
67.7%
Threat
6.8
CVE-2013-6829 HIGH POC THREAT Act Now

admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.9%.

Code Injection RCE Mail Secure
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
71.9%
Threat
5.2
CVE-2013-6830 HIGH POC This Week

admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mail Secure 5099Sk
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.9%
CVE-2013-5730 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dsl 2740B Firmware Dsl 2740B
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
7.1%
CVE-2013-4563 HIGH POC PATCH This Week

The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 2.0
7.1
EPSS
1.6%
CVE-2013-4579 MEDIUM POC THREAT This Month

The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.3%.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
15.3%
CVE-2013-6831 HIGH POC This Week

PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mail Secure 5099Sk
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.6%
CVE-2013-4495 CRITICAL Act Now

The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Torque Resource Manager
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2013-3095 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF D-Link Dir865L Firmware Dir865L
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-6826 MEDIUM POC This Month

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Fortinet Fortianalyzer Firmware Fortianalyzer 1000D Fortianalyzer 2000B +4
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6822 CRITICAL Act Now

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Netweaver
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2013-4591 MEDIUM POC PATCH This Month

Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or. Rated medium severity (CVSS 6.2). Public exploit code available.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.2
EPSS
0.0%
CVE-2013-6820 CRITICAL Act Now

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP File Upload RCE Netweaver Development Infrastructure
NVD
CVSS 2.0
9.3
EPSS
3.8%
CVE-2013-4559 HIGH This Week

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Lighttpd Debian Linux Opensuse
NVD
CVSS 2.0
7.6
EPSS
9.5%
CVE-2013-4487 MEDIUM POC PATCH This Month

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gnutls Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5215 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Wireless Ip Camera
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4592 MEDIUM POC PATCH This Month

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain. Rated medium severity (CVSS 4.0). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-5607 HIGH This Week

Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Netscape Portable Runtime Seamonkey Firefox
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2013-1417 LOW POC PATCH Monitor

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Kerberos 5
NVD GitHub
CVSS 2.0
3.5
EPSS
0.5%
CVE-2013-4386 HIGH PATCH This Week

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Openstack Foreman
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-6817 MEDIUM This Month

Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service SAP RCE Network Interface Router
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-4588 HIGH PATCH This Week

Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the. Rated high severity (CVSS 7.0).

Buffer Overflow Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2013-6828 MEDIUM This Month

admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail Secure
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6818 MEDIUM This Month

SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Privilege Escalation Microsoft Netweaver Logviewer
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6823 MEDIUM This Month

GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Netweaver
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-4560 MEDIUM This Month

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Lighttpd Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2013-6814 MEDIUM This Month

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6815 MEDIUM This Month

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4466 MEDIUM PATCH This Month

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Gnutls
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-6827 MEDIUM This Month

Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Mail Secure
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6821 MEDIUM This Month

Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-6074 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6816 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5966 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Zk Framework
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4507 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Pawtucket Providence
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6819 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy