Skip to main content
CVE-2013-6271 HIGH POC THREAT Act Now

Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 21.7%.

Privilege Escalation Google Android
NVD
CVSS 2.0
8.8
EPSS
21.7%
CVE-2013-7104 CRITICAL POC Act Now

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Email Gateway
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2013-7103 CRITICAL POC Act Now

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Email Gateway
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2013-6368 MEDIUM POC PATCH This Month

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end. Rated medium severity (CVSS 6.2). Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
6.2
EPSS
0.0%
CVE-2013-7105 CRITICAL Act Now

Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Interstage Application Server Interstage Studio
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-7085 MEDIUM POC This Month

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2013-6391 MEDIUM POC This Month

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Keystone Ubuntu Linux Openstack
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-6367 MEDIUM POC PATCH This Month

The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash). Rated medium severity (CVSS 5.7). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
5.7
EPSS
0.6%
CVE-2013-6411 MEDIUM POC This Month

The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Openttd
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2013-6376 MEDIUM POC PATCH This Month

The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR. Rated medium severity (CVSS 5.2). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
5.2
EPSS
0.1%
CVE-2013-5107 MEDIUM POC This Month

Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Rockmongo
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-4520 MEDIUM POC PATCH This Month

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Libxslt
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-6426 MEDIUM POC This Month

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heat
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-6428 MEDIUM POC This Month

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heat
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4587 HIGH PATCH This Week

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Opensuse
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-7069 MEDIUM This Month

ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Ack
NVD GitHub
CVSS 2.0
6.8
EPSS
1.5%
CVE-2013-6710 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Training Center
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4000 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF IBM Cognos Command Center
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6971 MEDIUM This Month

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Cisco Webex Training Center
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-6959 MEDIUM This Month

Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Cisco Webex Sales Center
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-6967 MEDIUM This Month

Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Cisco Webex Sales Center
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-6972 MEDIUM This Month

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Training Center
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-6968 MEDIUM This Month

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Training Center
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-6965 MEDIUM This Month

The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Webex Training Center
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1364 MEDIUM This Month

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zabbix
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-6970 MEDIUM This Month

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meeting Center
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6709 MEDIUM This Month

The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Training Center
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6973 MEDIUM This Month

Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Webex Training Center
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-4845 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Officejet Pro 8500 Firmware Officejet Pro 8500
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6960 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Webex Meeting Center
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6711 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Webex Sales Center
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6051 MEDIUM This Month

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Quagga
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6963 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Webex Training Center
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-6969 MEDIUM This Month

The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Webex Training Center
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6962 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Webex Meeting Center
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6961 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Webex Meeting Center
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5438 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Flex System Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4001 MEDIUM This Month

Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Cognos Command Center
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6964 LOW Monitor

Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Webex Meeting Center
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2013-3043 LOW Monitor

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal IBM Rational Software Architect Design Manager Rhapsody Design Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-3042 LOW Monitor

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal IBM Rational Software Architect Design Manager Rhapsody Design Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy