Skip to main content
CVE-2013-6166 MEDIUM POC This Month

Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Google Chrome
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-6167 MEDIUM POC This Month

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Mozilla Firefox
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-4737 CRITICAL PATCH Act Now

The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Privilege Escalation Linux Google Qualcomm Quic Mobile Station Modem Kernel
NVD
CVSS 2.0
9.3
EPSS
0.6%
CVE-2012-6638 HIGH PATCH This Week

The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
7.8
EPSS
1.1%
CVE-2012-2663 HIGH PATCH This Week

extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Iptables
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-1171 MEDIUM This Month

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-1088 LOW Monitor

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Iproute2
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-0346 LOW Monitor

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Privilege Escalation Apache
NVD
CVSS 2.0
2.1
EPSS
0.6%
CVE-2012-6108 LOW Monitor

HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Linux Imaging And Printing Project
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy