Total
9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1093 | 1 Novell | 1 Zenworks Configuration Management | 2013-11-06 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. | |||||
CVE-2013-4623 | 1 Polarssl | 1 Polarssl | 2013-10-30 | 4.3 MEDIUM | N/A |
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate. | |||||
CVE-2013-3954 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-30 | 6.9 MEDIUM | N/A |
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | |||||
CVE-2013-2898 | 1 Linux | 1 Linux Kernel | 2013-10-30 | 1.9 LOW | N/A |
drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device. | |||||
CVE-2013-5741 | 1 Triplc | 2 Nano-10 Plc, Nano-10 Plc Firmware | 2013-10-29 | 7.8 HIGH | N/A |
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial of service (transition to the interrupt state) via a crafted packet to TCP port 502. | |||||
CVE-2011-4106 | 1 Binarymoon | 1 Timthumb | 2013-10-28 | 6.8 MEDIUM | N/A |
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011. | |||||
CVE-2013-4390 | 1 Apache | 2 Sling, Sling Auth Core Component | 2013-10-25 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." | |||||
CVE-2013-5175 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.6 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||||
CVE-2013-5168 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.8 MEDIUM | N/A |
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | |||||
CVE-2013-5536 | 1 Cisco | 1 Secure Access Control System | 2013-10-24 | 5.0 MEDIUM | N/A |
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. | |||||
CVE-2013-5192 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | |||||
CVE-2013-5140 | 1 Apple | 1 Iphone Os | 2013-10-22 | 7.8 HIGH | N/A |
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||||
CVE-2013-5155 | 1 Apple | 1 Iphone Os | 2013-10-22 | 7.1 HIGH | N/A |
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | |||||
CVE-2013-5493 | 1 Cisco | 2 Virtualization Experience Client 6000, Virtualization Experience Client 6000 Series Firmware | 2013-10-22 | 6.8 MEDIUM | N/A |
The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407. | |||||
CVE-2013-5550 | 1 Cisco | 1 Unified Computing System | 2013-10-22 | 4.6 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. | |||||
CVE-2012-4117 | 1 Cisco | 1 Unified Computing System | 2013-10-21 | 5.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. | |||||
CVE-2013-5496 | 1 Cisco | 1 Nx-os | 2013-10-16 | 6.3 MEDIUM | N/A |
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. | |||||
CVE-2013-5539 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2013-10-16 | 6.0 MEDIUM | N/A |
The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511. | |||||
CVE-2013-5529 | 1 Cisco | 1 Webex Meetings Server | 2013-10-16 | 6.8 MEDIUM | N/A |
The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200. | |||||
CVE-2013-2787 | 1 Alstom | 1 E-terracontrol | 2013-10-15 | 7.8 HIGH | N/A |
Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets. |