Skip to main content
CVE-2013-4152 MEDIUM POC PATCH THREAT This Month

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 72.3%.

CSRF Privilege Escalation Java Denial Of Service XXE +1
NVD GitHub
CVSS 2.0
6.8
EPSS
72.3%
Threat
5.0
CVE-2013-7315 MEDIUM POC PATCH This Month

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

CSRF Privilege Escalation Java Denial Of Service XXE +1
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7314 MEDIUM This Month

The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ip38X 1000 Ip38X 105 Ip38X 107E Ip38X 1100 +8
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2013-6443 MEDIUM This Month

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cloudforms Cloudforms 3 0 Management Engine
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0675 MEDIUM This Month

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Telepresence Video Communication Server
NVD
CVSS 2.0
6.4
EPSS
0.4%
CVE-2014-1242 MEDIUM This Month

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Itunes
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-7312 MEDIUM This Month

The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service C5 G3 K10 K6 +5
NVD
CVSS 2.0
5.4
EPSS
1.3%
CVE-2013-7311 MEDIUM This Month

The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA). Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Gaia Os Ipso Os
NVD
CVSS 2.0
5.4
EPSS
1.1%
CVE-2013-7310 MEDIUM This Month

The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Fwx120 Rt105 Rt107E Rt140 +10
NVD
CVSS 2.0
5.4
EPSS
0.9%
CVE-2013-7306 MEDIUM This Month

The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Adx Bigiron Rx Fastiron Icx +7
NVD
CVSS 2.0
5.4
EPSS
0.5%
CVE-2013-7307 MEDIUM This Month

The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Vyatta Vrouter Software Vyatta Vrouter
NVD
CVSS 2.0
5.4
EPSS
0.5%
CVE-2013-7309 MEDIUM This Month

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Exos
NVD
CVSS 2.0
5.4
EPSS
0.4%
CVE-2013-7313 MEDIUM This Month

The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service Juniper Junos Junose Screenos
NVD
CVSS 2.0
5.4
EPSS
0.2%
CVE-2013-7308 MEDIUM This Month

The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before. Rated medium severity (CVSS 5.4). No vendor patch available.

Denial Of Service D-Link Des 3810 28 Firmware Des 3810 28
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2013-6447 MEDIUM PATCH This Month

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure XXE Jboss Seam 2 Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2013-6448 MEDIUM PATCH This Month

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Jboss Seam 2 Framework
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6412 MEDIUM This Month

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Augeas
NVD GitHub
CVSS 2.0
4.6
EPSS
0.0%
CVE-2014-0006 MEDIUM PATCH This Month

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Swift
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6447 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Splunk
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy