Skip to main content
CVE-2013-4547 HIGH POC THREAT Act Now

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

Nginx Authentication Bypass Lifecycle Management Server Studio Onsite Webyast +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
90.9%
Threat
5.7
CVE-2013-4265 CRITICAL POC PATCH Act Now

The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-4474 MEDIUM POC THREAT This Month

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.4%.

Denial Of Service Ubuntu Linux Poppler
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
25.4%
CVE-2013-4164 MEDIUM POC PATCH THREAT This Month

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Buffer Overflow Denial Of Service RCE Ruby
NVD
CVSS 2.0
6.8
EPSS
12.0%
CVE-2013-4473 HIGH POC This Week

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Poppler Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2013-1813 HIGH POC This Week

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Enterprise Linux Tm Ac1900 Busybox
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-0873 CRITICAL Act Now

The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2013-2561 MEDIUM POC This Month

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst,. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Linux Ibutils
NVD
CVSS 2.0
6.3
EPSS
0.1%
CVE-2013-0864 CRITICAL Act Now

The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2013-0872 CRITICAL Act Now

The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2013-0863 CRITICAL Act Now

Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
1.3%
CVE-2013-0221 MEDIUM POC This Month

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Enterprise Linux Opensuse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.0%
CVE-2013-0866 CRITICAL Act Now

The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
1.0%
CVE-2013-0862 CRITICAL Act Now

Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-0868 CRITICAL Act Now

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-0865 CRITICAL Act Now

The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-6865 CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP RCE Adaptive Server Enterprise
NVD
CVSS 2.0
9.0
EPSS
2.3%
CVE-2013-0867 CRITICAL Act Now

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0878 CRITICAL Act Now

The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0877 CRITICAL Act Now

The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0876 CRITICAL Act Now

Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0875 CRITICAL Act Now

The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0874 CRITICAL Act Now

The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0869 CRITICAL Act Now

The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-6866 CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP RCE Adaptive Server Enterprise
NVD
CVSS 2.0
9.0
EPSS
1.9%
CVE-2013-6863 CRITICAL Act Now

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Adaptive Server Enterprise
NVD
CVSS 2.0
9.0
EPSS
0.5%
CVE-2013-4589 MEDIUM POC This Month

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Suse Linux Enterprise Software Development Kit Suse Studio Onsite Suse Linux Enterprise Debuginfo Graphicsmagick +1
NVD
CVSS 2.0
4.3
EPSS
2.5%
CVE-2013-6859 HIGH This Week

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP Authentication Bypass Adaptive Server Enterprise
NVD
CVSS 2.0
8.5
EPSS
0.6%
CVE-2013-4264 MEDIUM POC PATCH This Month

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-0281 MEDIUM POC PATCH This Month

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Pacemaker
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6375 HIGH This Week

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Intel Denial Of Service Xen Opensuse
NVD
CVSS 2.0
7.9
EPSS
0.6%
CVE-2013-6862 HIGH This Week

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2013-6868 HIGH This Week

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2012-0787 LOW POC PATCH Monitor

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files. Rated low severity (CVSS 3.7). Public exploit code available.

Information Disclosure Enterprise Linux Augeas
NVD GitHub
CVSS 2.0
3.7
EPSS
0.1%
CVE-2013-6869 HIGH This Week

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Netweaver
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-4263 HIGH This Week

libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ffmpeg
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4459 LOW POC Monitor

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.

Privilege Escalation Lightdm Ubuntu Linux
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-6867 HIGH This Week

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2013-4407 MEDIUM This Month

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Http Body
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-6860 MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4214 MEDIUM This Month

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. Rated medium severity (CVSS 6.3). No vendor patch available.

PHP Information Disclosure Nagios Openstack
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-2029 MEDIUM This Month

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary. Rated medium severity (CVSS 6.3). No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-6864 MEDIUM This Month

Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal SAP Adaptive Server Enterprise
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2013-4482 MEDIUM This Month

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in. Rated medium severity (CVSS 6.2). No vendor patch available.

Python Information Disclosure Luci Enterprise Linux
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-1058 MEDIUM This Month

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ubuntu Linux Maas
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-0223 LOW POC Monitor

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Opensuse Enterprise Linux
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-6384 LOW POC Monitor

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Ceilometer
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-0861 MEDIUM This Month

The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6861 MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-0860 MEDIUM This Month

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
4.3
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy