Skip to main content
CVE-2013-6795 CRITICAL POC PATCH Act Now

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Code Injection Microsoft RCE Openstack Windows Guest Agent
NVD GitHub
CVSS 2.0
9.3
EPSS
4.9%
CVE-2013-7216 HIGH POC This Week

Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Classifieds Creator
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-6616 MEDIUM POC This Month

The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ffmpeg
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-6403 MEDIUM This Month

The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-6618 LOW POC Monitor

The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ffmpeg
NVD
CVSS 2.0
2.6
EPSS
1.0%
CVE-2013-4550 MEDIUM PATCH This Month

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure Fedora Bip
NVD
CVSS 2.0
5.1
EPSS
1.0%
CVE-2013-4553 MEDIUM This Month

The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to. Rated medium severity (CVSS 5.2). No vendor patch available.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 2.0
5.2
EPSS
0.3%
CVE-2013-4554 MEDIUM This Month

Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Xen
NVD
CVSS 2.0
5.2
EPSS
0.2%
CVE-2013-4358 MEDIUM This Month

libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-6615 MEDIUM This Month

The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-6617 MEDIUM This Month

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6388 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Drupal
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6387 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Drupal
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-4452 LOW Monitor

Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Operations Network
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy