All CVEs — 2013 (Page 7/25)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2013-10-13

High

CVE-2013-4827

SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2013-4826

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors…

CVSS: 5.0 CWE: CWE-200

High

CVE-2013-4824

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka Z…

CVSS: 7.5 CWE: CWE-287

Medium

CVE-2013-4056

Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows rem…

CVSS: 6.8 CWE: CWE-352

High

CVE-2013-3415

Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote att…

CVSS: 7.8 CWE: CWE-119

High

CVE-2013-2787

Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets.

CVSS: 7.8 CWE: CWE-20

Medium

CVE-2012-4709

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption)…

CVSS: 6.9 CWE: CWE-119

Medium

CVE-2012-4108

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-relate…

CVSS: 6.8 CWE: CWE-78

Medium

CVE-2012-4105

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86…

CVSS: 4.6 CWE: CWE-20

2013-10-11

High

CVE-2013-6079

Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) r…

CVSS: 7.2 CWE: CWE-119

Medium

CVE-2013-4388

Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute ar…

CVSS: 6.8 CWE: CWE-119

Low

CVE-2013-4255

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate…

CVSS: 3.5 CWE: CWE-20

High

CVE-2013-4203

The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

CVSS: 7.5 CWE: CWE-94

Medium

CVE-2013-4173

Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost…

CVSS: 5.0 CWE: CWE-22

Medium

CVE-2013-4167

Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

High

CVE-2013-4137

Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2009-5136

The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cau…

CVSS: 4.0 CWE: CWE-20

Medium

CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skele…

CVSS: 5.8 CWE: CWE-327

Medium

CVE-2013-5028

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) h…

CVSS: 6.5 CWE: CWE-89

Medium

CVE-2013-4306

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authenticat…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2013-4305

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject a…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2013-2578

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitr…

CVSS: 10.0 CWE: CWE-78

Medium

CVE-2013-5533

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.

CVSS: 6.0 CWE: CWE-20

Medium

CVE-2013-5532

Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2013-5528

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal…

CVSS: 4.0 CWE: CWE-22

2013-10-10

Medium

CVE-2013-5527

The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.

CVSS: 5.7 CWE: CWE-20

High

CVE-2013-5526

Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf066…

CVSS: 7.1 CWE: CWE-20

Medium

CVE-2013-5525

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a…

CVSS: 6.5 CWE: CWE-89

Medium

CVE-2013-5524

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unsp…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-5523

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attack…

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2013-5008

The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across d…

CVSS: 4.6 CWE: CWE-200

Medium

CVE-2013-4387

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet,…

CVSS: 6.1 CWE: CWE-119

Medium

CVE-2013-0580

Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the…

CVSS: 4.9 CWE: CWE-352

High

CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a ser…

CVSS: 7.5 CWE: CWE-502

High

CVE-2013-2138

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a repla…

CVSS: 7.5 CWE: CWE-20

Medium

CVE-2013-1881

GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML Ext…

CVSS: 4.3 CWE: CWE-20

2013-10-09

Medium

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execut…

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-0736

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators f…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2012-4424

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execut…

CVSS: 5.1 CWE: CWE-119

High

CVE-2013-5967

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from par…

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2013-5576

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended…

CVSS: 6.8 CWE: CWE-20

Critical

CVE-2013-5327

MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2013-5325

Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.

CVSS: 9.3 CWE: CWE-94

High

CVE-2013-4385

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memo…

CVSS: 7.5 CWE: CWE-119

Medium

CVE-2013-4384

Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by c…

CVSS: 4.3 CWE: CWE-79

High

CVE-2013-4258

Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra…

CVSS: 7.5 CWE: CWE-134

Medium

CVE-2013-4256

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display…

CVSS: 4.6 CWE: CWE-119

High

CVE-2013-3897

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (mem…

CVSS: 8.8 CWE: CWE-416

High

CVE-2013-3894

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows…

CVSS: 8.1 CWE: CWE-94

Critical

CVE-2013-3892

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3891

Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3890

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulner…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3889

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Servic…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3886

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3885

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3882

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3875

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3874

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3873

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-3872

CVSS: 9.3 CWE: CWE-20

Critical

CVE-2013-3871

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119

High

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "J…

CVSS: 7.8 CWE: CWE-20

High

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (ap…

CVSS: 7.8 CWE: CWE-20

High

CVE-2013-3200

The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Serve…

CVSS: 7.2 CWE: CWE-94

2013-10-05

Medium

CVE-2013-3610

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

CVSS: 6.1 CWE: CWE-287

Critical

CVE-2013-2808

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management…

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2012-4122

The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.

CVSS: 6.2 CWE: CWE-20

Medium

CVE-2012-4098

The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2012-4091

The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2012-4084

Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the…

CVSS: 6.8 CWE: CWE-352

High

CVE-2012-4075

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

CVSS: 7.2 CWE: CWE-78

2013-10-04

High

CVE-2013-3541

Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePa…

CVSS: 7.8 CWE: CWE-22

Medium

CVE-2013-3540

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2013-5091

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an inde…

CVSS: 6.5 CWE: CWE-89

Medium

CVE-2013-4986

Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file.

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-6044

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce…

CVSS: 4.3 CWE: CWE-79

High

CVE-2013-6011

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.

CVSS: 7.8 CWE: CWE-20

Medium

CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it…

CVSS: 5.1 CWE: CWE-20

High

CVE-2013-4344

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a R…

CVSS: 7.2 CWE: CWE-120

Medium

CVE-2013-4330

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName…

CVSS: 6.8 CWE: CWE-94

Medium

CVE-2013-4249

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbit…

CVSS: 4.3 CWE: CWE-79

Low

CVE-2013-4157

Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.

CVSS: 3.6 CWE: CWE-59

Medium

CVE-2013-2223

GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by…

CVSS: 5.8 CWE: CWE-119

Medium

CVE-2013-2222

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to th…

CVSS: 6.8 CWE: CWE-119

High

CVE-2013-2221

Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large…

CVSS: 7.5 CWE: CWE-119

Medium

CVE-2013-5419

Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.

CVSS: 6.9 CWE: CWE-119

Medium

CVE-2013-5163

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vecto…

CVSS: 6.6 CWE: CWE-287

Low

CVE-2013-4829

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow l…

CVSS: 1.5 CWE: CWE-200

Medium

CVE-2013-4711

Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

High

CVE-2013-2964

Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain pr…

CVSS: 7.2 CWE: CWE-119

2013-10-03

Critical

CVE-2013-0742

Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS f…

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2013-4327

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race con…

CVSS: 6.9 CWE: CWE-362

High

CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is perf…

CVSS: 7.2 CWE: CWE-362

Medium

CVE-2013-6010

Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title."

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6009

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting…

CVSS: 4.3 CWE: CWE-94

Low

CVE-2013-5690

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIM…

CVSS: 3.5 CWE: CWE-79

Critical

CVE-2013-5944

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which a…

CVSS: 10.0 CWE: CWE-287

Medium

CVE-2013-5519

Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2013-0693

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs…

CVSS: 10.0 CWE: CWE-200

Critical

CVE-2013-0689

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote at…

CVSS: 10.0 CWE: CWE-94

2013-10-02

Medium

CVE-2013-5979

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.

CVSS: 5.0 CWE: CWE-22

Medium

CVE-2013-5517

SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh…

CVSS: 5.5 CWE: CWE-89

Medium

CVE-2013-4066

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface.

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2012-4111

The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bu…

CVSS: 6.8 CWE: CWE-20

Medium

CVE-2012-4110

run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560.

CVSS: 6.8 CWE: CWE-20

Medium

CVE-2012-4109

The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug…

CVSS: 6.8 CWE: CWE-20

Medium

CVE-2012-4104

Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary fi…

CVSS: 6.6 CWE: CWE-22

Medium

CVE-2012-4103

ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.

CVSS: 6.8 CWE: CWE-20

Medium

CVE-2012-4102

The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka…

CVSS: 6.8 CWE: CWE-20

Medium

CVE-2012-4095

The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindi…

CVSS: 5.5 CWE: CWE-20

Medium

CVE-2013-4032

The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote atta…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2013-2920

The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL conta…

CVSS: 5.0 CWE: CWE-119

High

CVE-2013-2919

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVSS: 7.5 CWE: CWE-119

Medium

CVE-2013-2917

The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows…

CVSS: 5.0 CWE: CWE-119

Medium

CVE-2013-2907

The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS: 5.0 CWE: CWE-119

Medium

CVE-2013-2906

Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other…

CVSS: 6.8 CWE: CWE-362

2013-10-01

Medium

CVE-2013-5976

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web…

CVSS: 4.3 CWE: CWE-79

Low

CVE-2013-2013

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the pro…

CVSS: 2.1 CWE: CWE-200

Medium

CVE-2013-1892

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (inv…

CVSS: 6.0 CWE: CWE-20

Medium

CVE-2013-5580

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code fo…

CVSS: 4.3 CWE: CWE-20