Skip to main content
CVE-2013-4474 MEDIUM POC THREAT This Month

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.4%.

Denial Of Service Ubuntu Linux Poppler
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
25.4%
CVE-2013-4164 MEDIUM POC PATCH THREAT This Month

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Buffer Overflow Denial Of Service RCE Ruby
NVD
CVSS 2.0
6.8
EPSS
12.0%
CVE-2013-2561 MEDIUM POC This Month

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst,. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure Enterprise Linux Ibutils
NVD
CVSS 2.0
6.3
EPSS
0.1%
CVE-2013-0221 MEDIUM POC This Month

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Enterprise Linux Opensuse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.0%
CVE-2013-4589 MEDIUM POC This Month

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Suse Linux Enterprise Software Development Kit Suse Studio Onsite Suse Linux Enterprise Debuginfo Graphicsmagick +1
NVD
CVSS 2.0
4.3
EPSS
2.5%
CVE-2013-4264 MEDIUM POC PATCH This Month

The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-0281 MEDIUM POC PATCH This Month

Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Pacemaker
NVD GitHub
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4407 MEDIUM This Month

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Http Body
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-6860 MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4214 MEDIUM This Month

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. Rated medium severity (CVSS 6.3). No vendor patch available.

PHP Information Disclosure Nagios Openstack
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-2029 MEDIUM This Month

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary. Rated medium severity (CVSS 6.3). No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 2.0
6.3
EPSS
0.0%
CVE-2013-6864 MEDIUM This Month

Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal SAP Adaptive Server Enterprise
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2013-4482 MEDIUM This Month

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in. Rated medium severity (CVSS 6.2). No vendor patch available.

Python Information Disclosure Luci Enterprise Linux
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-1058 MEDIUM This Month

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ubuntu Linux Maas
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2013-0861 MEDIUM This Month

The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6861 MEDIUM This Month

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-0860 MEDIUM This Month

The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-6858 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4545 MEDIUM This Month

cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Curl Libcurl
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4485 MEDIUM This Month

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux 389 Directory Server Directory Server
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy