Skip to main content
CVE-2013-7331 MEDIUM POC KEV PATCH THREAT Act Now

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
81.8%
Threat
6.8
CVE-2013-4841 CRITICAL Act Now

Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 28.4% and no vendor patch available.

HP RCE Lefthand Storevirtual Virtual Storage Appliance Storevirtual 4000
NVD
CVSS 2.0
10.0
EPSS
28.4%
CVE-2013-7332 MEDIUM POC THREAT This Month

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service Microsoft Windows 8 Windows 8 1
NVD
CVSS 2.0
5.0
EPSS
13.9%
CVE-2013-4322 MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 36.7%.

Tomcat Denial Of Service Apache
NVD
CVSS 2.0
4.3
EPSS
36.7%
CVE-2013-4286 MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Epss exploitation probability 23.6%.

Tomcat Apache Information Disclosure
NVD
CVSS 2.0
5.8
EPSS
23.6%
CVE-2014-2205 MEDIUM POC This Month

The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation XXE Epolicy Orchestrator
NVD
CVSS 2.0
6.3
EPSS
0.4%
CVE-2013-3712 CRITICAL Act Now

SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Studio Extension For System Z Studio Onsite
NVD
CVSS 2.0
10.0
EPSS
0.3%
CVE-2013-6204 HIGH This Week

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Information Optimizer
NVD
CVSS 2.0
7.5
EPSS
4.6%
CVE-2013-6203 HIGH This Week

The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Application Information Optimizer
NVD
CVSS 2.0
7.5
EPSS
4.6%
CVE-2013-2824 HIGH PATCH This Week

Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Schneider Electric Citectscada Powerlogic Scada Struxureware Powerscada Expert +1
NVD
CVSS 2.0
7.8
EPSS
0.2%
CVE-2014-0033 MEDIUM PATCH This Month

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 16.2%.

Tomcat Apache Information Disclosure Java
NVD
CVSS 2.0
4.3
EPSS
16.2%
CVE-2014-0842 MEDIUM PATCH This Month

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Rational Focal Point
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2096 MEDIUM This Month

Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Catfish
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2095 MEDIUM This Month

Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Catfish
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2094 MEDIUM This Month

Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Catfish
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2093 MEDIUM This Month

Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Catfish
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2012-2134 MEDIUM PATCH This Month

The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Bind Dyndb Ldap
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-4590 MEDIUM PATCH This Month

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tomcat Apache Information Disclosure XXE Debian Linux +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-6731 MEDIUM PATCH This Month

IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation IBM Netezza Performance Portal
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-0839 MEDIUM PATCH This Month

IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation IBM Rational Focal Point
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-0843 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Focal Point
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-0840 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Focal Point
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-0853 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Rational Focal Point
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-0058 LOW Monitor

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by. Rated low severity (CVSS 1.9). No vendor patch available.

Red Hat Information Disclosure Jboss Enterprise Application Platform
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy