Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6685 | 1 Cisco | 4 Unified Ip Phone 8961, Unified Ip Phone 9951, Unified Ip Phone 9971 and 1 more | 2013-11-14 | 6.6 MEDIUM | N/A |
| The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. | |||||
| CVE-2013-5552 | 1 Cisco | 2 Content Services Gateway, Ios | 2013-11-14 | 6.4 MEDIUM | N/A |
| Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143. | |||||
| CVE-2013-4987 | 1 Pineapp | 1 Mail-secure | 2013-11-08 | 8.5 HIGH | N/A |
| PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. | |||||
| CVE-2013-4439 | 1 Saltstack | 1 Salt | 2013-11-06 | 4.9 MEDIUM | N/A |
| Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | |||||
| CVE-2013-6077 | 1 Citrix | 1 Xendesktop | 2013-11-06 | 5.8 MEDIUM | N/A |
| Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2013-4497 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2013-11-06 | 6.4 MEDIUM | N/A |
| The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2013-3264 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2013-11-06 | 6.4 MEDIUM | N/A |
| The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. | |||||
| CVE-2013-6617 | 1 Saltstack | 1 Salt | 2013-11-06 | 10.0 HIGH | N/A |
| The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. | |||||
| CVE-2013-5975 | 1 F5 | 1 Big-ip Access Policy Manager | 2013-10-30 | 4.3 MEDIUM | N/A |
| The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2013-10-30 | 6.3 MEDIUM | N/A |
| kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||||
| CVE-2012-4572 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2013-10-30 | 3.7 LOW | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application. | |||||
| CVE-2012-0827 | 1 Drupal | 1 Drupal | 2013-10-29 | 3.5 LOW | N/A |
| The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors. | |||||
| CVE-2013-1067 | 1 Canonical | 1 Ubuntu Linux | 2013-10-28 | 4.9 MEDIUM | N/A |
| Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2013-6128 | 1 Wellintech | 1 Kingview | 2013-10-28 | 5.8 MEDIUM | N/A |
| The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack. | |||||
| CVE-2013-3280 | 1 Emc | 1 Rsa Authentication Agent | 2013-10-25 | 7.5 HIGH | N/A |
| EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash. | |||||
| CVE-2013-5521 | 1 Cisco | 1 Identity Services Engine Software | 2013-10-25 | 5.0 MEDIUM | N/A |
| Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. | |||||
| CVE-2013-5522 | 1 Cisco | 2 Catalyst 3750-x, Ios | 2013-10-25 | 6.8 MEDIUM | N/A |
| Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | |||||
| CVE-2013-5154 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
| The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | |||||
| CVE-2013-5149 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
| The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | |||||
| CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.4 MEDIUM | N/A |
| socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | |||||