Skip to main content
CVE-2013-4152 MEDIUM POC PATCH THREAT This Month

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 72.3%.

CSRF Privilege Escalation Java Denial Of Service XXE +1
NVD GitHub
CVSS 2.0
6.8
EPSS
72.3%
Threat
5.0
CVE-2013-6934 HIGH POC This Week

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Streaming Media Vlc Media Player
NVD
CVSS 2.0
7.5
EPSS
4.0%
CVE-2013-7315 MEDIUM POC PATCH This Month

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Privilege Escalation Java Denial Of Service XXE +1
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-0494 CRITICAL Act Now

Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Denial Of Service RCE Digital Editions
NVD
CVSS 2.0
10.0
EPSS
4.2%
CVE-2013-6933 HIGH This Week

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Streaming Media
NVD
CVSS 2.0
7.5
EPSS
3.4%
CVE-2013-7048 LOW POC PATCH Monitor

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local. Rated low severity (CVSS 3.3). Public exploit code available.

Privilege Escalation Nova
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-7314 MEDIUM This Month

The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ip38X 1000 Ip38X 105 Ip38X 107E Ip38X 1100 +8
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2013-6443 MEDIUM This Month

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cloudforms Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0675 MEDIUM This Month

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Telepresence Video Communication Server
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-1242 MEDIUM This Month

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Itunes
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-7312 MEDIUM This Month

The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service C5 G3 K10 K6 +5
NVD
CVSS 2.0
5.4
EPSS
1.3%
CVE-2013-7311 MEDIUM This Month

The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA). Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Gaia Os Ipso Os
NVD
CVSS 2.0
5.4
EPSS
1.1%
CVE-2013-7310 MEDIUM This Month

The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Fwx120 Rt105 Rt107E Rt140 +10
NVD
CVSS 2.0
5.4
EPSS
0.9%
CVE-2013-7306 MEDIUM This Month

The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Adx Bigiron Rx Fastiron Icx +7
NVD
CVSS 2.0
5.4
EPSS
0.5%
CVE-2013-7307 MEDIUM This Month

The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Vyatta Vrouter Software Vyatta Vrouter
NVD
CVSS 2.0
5.4
EPSS
0.5%
CVE-2013-7309 MEDIUM This Month

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Exos
NVD
CVSS 2.0
5.4
EPSS
0.4%
CVE-2013-7313 MEDIUM This Month

The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Juniper Junos Junose Screenos
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2013-7308 MEDIUM This Month

The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service D-Link Des 3810 28 Firmware Des 3810 28
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-6447 MEDIUM PATCH This Month

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure XXE Jboss Seam 2 Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-6448 MEDIUM PATCH This Month

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Jboss Seam 2 Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6412 MEDIUM This Month

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Augeas
NVD GitHub
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-0006 MEDIUM PATCH This Month

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Swift
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6447 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Splunk
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0979 LOW Monitor

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Opensuse Lightdm Gtk Greeter
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-5371 LOW Monitor

The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft IBM Tivoli Storage Manager
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy