Skip to main content
CVE-2013-3900 MEDIUM KEV PATCH THREAT Act Now

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 78.1%.

Jwt Attack Microsoft RCE
NVD VulDB
CVSS 3.1
5.5
EPSS
78.1%
Threat
4.9
CVE-2013-5045 MEDIUM POC THREAT This Month

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka. Rated medium severity (CVSS 6.2). Public exploit code available and EPSS exploitation probability 24.2%.

Microsoft Authentication Bypass Internet Explorer
NVD Exploit-DB
CVSS 2.0
6.2
EPSS
24.2%
CVE-2013-5058 MEDIUM POC PATCH This Month

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,. Rated medium severity (CVSS 6.9). Public exploit code available.

Buffer Overflow Microsoft Integer Overflow Windows 7 Windows 8 +8
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
2.3%
CVE-2013-5057 MEDIUM POC THREAT This Month

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.8%.

Privilege Escalation Microsoft RCE Office
NVD
CVSS 2.0
4.3
EPSS
14.8%
CVE-2013-5054 MEDIUM POC THREAT This Month

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

Information Disclosure Microsoft Office Office 2013 Rt
NVD
CVSS 2.0
4.3
EPSS
11.4%
CVE-2013-6673 MEDIUM POC This Month

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Fedora Firefox Seamonkey +6
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2013-5059 MEDIUM This Month

Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 12.2% and no vendor patch available.

Code Injection Microsoft RCE Office Web Apps Sharepoint Server
NVD
CVSS 2.0
6.8
EPSS
12.2%
CVE-2013-3878 MEDIUM This Month

Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port. Rated medium severity (CVSS 6.9). No vendor patch available.

Buffer Overflow Microsoft Windows Server 2003 Windows Xp
NVD
CVSS 2.0
6.9
EPSS
1.2%
CVE-2013-5046 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code,. Rated medium severity (CVSS 6.2). No vendor patch available.

Microsoft Authentication Bypass Internet Explorer
NVD
CVSS 2.0
6.2
EPSS
2.6%
CVE-2013-5042 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.4% and no vendor patch available.

Microsoft XSS Asp Net Signalr Visual Studio Team Foundation Server
NVD
CVSS 2.0
4.3
EPSS
10.4%
CVE-2013-5611 MEDIUM This Month

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris Fedora Ubuntu Linux +5
NVD
CVSS 2.0
5.8
EPSS
1.2%
CVE-2013-5072 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft XSS Exchange Server
NVD
CVSS 2.0
4.3
EPSS
6.6%
CVE-2013-3903 MEDIUM This Month

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Microsoft Windows 8 Windows Rt Windows Rt 8 1 +1
NVD
CVSS 2.0
4.7
EPSS
1.0%
CVE-2013-6672 MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Linux Enterprise Desktop Linux Enterprise Server +6
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-5612 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Fedora +13
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-5614 MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Fedora +13
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy