Skip to main content
CVE-2013-4212 MEDIUM POC PATCH THREAT This Month

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.0%.

Code Injection Apache RCE Roller
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
87.0%
Threat
5.5
CVE-2013-6397 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.9%.

Apache Path Traversal XXE Solr
NVD
CVSS 2.0
4.3
EPSS
90.9%
Threat
5.1
CVE-2013-6414 MEDIUM POC PATCH THREAT This Month

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.8%.

Denial Of Service Rails Ruby On Rails
NVD
CVSS 2.0
5.0
EPSS
70.8%
Threat
4.6
CVE-2013-4479 MEDIUM POC PATCH This Month

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Code Injection RCE Sup
NVD GitHub
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-4478 MEDIUM POC PATCH This Month

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Code Injection RCE Sup
NVD GitHub
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6920 CRITICAL Act Now

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sinamics S G Family Firmware Sinamics G110 Sinamics G110D +11
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2013-0858 CRITICAL Act Now

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Debian Linux Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2013-0854 CRITICAL Act Now

The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-0850 CRITICAL Act Now

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-0849 CRITICAL Act Now

The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-0846 CRITICAL Act Now

Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-0845 CRITICAL Act Now

libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2013-0852 CRITICAL Act Now

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2013-0844 CRITICAL Act Now

Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2013-0855 CRITICAL Act Now

Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Apple Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2013-0857 CRITICAL Act Now

The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0853 CRITICAL Act Now

The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0848 CRITICAL Act Now

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0847 CRITICAL Act Now

The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2013-0859 CRITICAL Act Now

The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-0856 CRITICAL Act Now

The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-0851 CRITICAL Act Now

The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2013-6408 MEDIUM PATCH This Month

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
CVSS 2.0
6.4
EPSS
11.4%
CVE-2013-6407 MEDIUM PATCH This Month

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4%.

Apache XXE Solr
NVD
CVSS 2.0
6.4
EPSS
11.4%
CVE-2013-6638 HIGH PATCH This Week

Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Google Chrome V8
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-6999 MEDIUM POC This Month

The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to. Rated medium severity (CVSS 4.0). Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-6639 HIGH PATCH This Week

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Google Chrome V8
NVD
CVSS 2.0
7.5
EPSS
2.8%
CVE-2013-6640 HIGH PATCH This Week

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Google Chrome V8
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2012-6612 HIGH PATCH This Week

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Apache XXE Solr
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2013-6637 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-6410 HIGH PATCH This Week

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Nbd Debian Linux Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-6634 MEDIUM PATCH This Month

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Chrome
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-6635 MEDIUM PATCH This Month

Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-4446 MEDIUM PATCH This Month

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP Code Injection RCE Context
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-6386 MEDIUM PATCH This Month

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

PHP Authentication Bypass Drupal
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-6417 MEDIUM PATCH This Month

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Rails Ruby On Rails
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2013-6409 MEDIUM This Month

Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. Rated medium severity (CVSS 6.2). No vendor patch available.

Privilege Escalation Debian Adequate
NVD
CVSS 2.0
6.2
EPSS
0.0%
CVE-2013-6389 MEDIUM PATCH This Month

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Drupal
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-6385 MEDIUM PATCH This Month

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

CSRF Code Injection RCE Drupal
NVD
CVSS 2.0
5.1
EPSS
2.5%
CVE-2013-4445 MEDIUM PATCH This Month

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Context
NVD
CVSS 2.0
4.9
EPSS
0.6%
CVE-2013-5455 MEDIUM This Month

IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Smartcloud Provisioning
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2013-4171 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Roller
NVD
CVSS 2.0
4.3
EPSS
2.0%
CVE-2013-6415 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails Ruby On Rails
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2013-6707 MEDIUM This Month

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-6636 MEDIUM PATCH This Month

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-4491 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails Ruby On Rails
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-7001 MEDIUM This Month

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Now Sms Mms Gateway
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7000 MEDIUM This Month

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Now Sms Mms Gateway
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4492 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS I18N
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6050 MEDIUM This Month

Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Links
NVD
CVSS 2.0
4.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy