Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6689 | 1 Cisco | 1 Unified Communications Manager | 2013-11-19 | 6.9 MEDIUM | N/A |
| Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. | |||||
| CVE-2013-0741 | 1 Percipientstudios | 1 Imagen | 2013-11-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter. | |||||
| CVE-2013-3407 | 1 Cisco | 1 Server Provisioner | 2013-11-19 | 5.0 MEDIUM | N/A |
| The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. | |||||
| CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2013-11-19 | 6.8 MEDIUM | N/A |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | |||||
| CVE-2013-5972 | 1 Vmware | 2 Player, Workstation | 2013-11-19 | 7.2 HIGH | N/A |
| VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. | |||||
| CVE-2013-6801 | 1 Microsoft | 2 Windows Xp, Word | 2013-11-19 | 7.1 HIGH | N/A |
| Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue. | |||||
| CVE-2013-3061 | 1 Sap | 2 Erp Cental Component, Healthcare Industry Solution | 2013-11-18 | 6.5 MEDIUM | N/A |
| The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||
| CVE-2013-3063 | 1 Sap | 1 Basis Communication Services | 2013-11-18 | 6.0 MEDIUM | N/A |
| SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-3238 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-18 | 6.0 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. | |||||
| CVE-2013-3239 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-18 | 4.6 MEDIUM | N/A |
| phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. | |||||
| CVE-2013-3240 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-18 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. | |||||
| CVE-2013-3241 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-11-18 | 4.0 MEDIUM | N/A |
| export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. | |||||
| CVE-2013-5561 | 1 Cisco | 1 Adaptive Security Appliance Cx Context-aware Security Software | 2013-11-15 | 5.0 MEDIUM | N/A |
| The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622. | |||||
| CVE-2013-3285 | 1 Emc | 1 Networker | 2013-11-15 | 3.5 LOW | N/A |
| The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources. | |||||
| CVE-2013-1439 | 1 Libraw | 1 Libraw | 2013-11-14 | 4.3 MEDIUM | N/A |
| The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. | |||||
| CVE-2013-5565 | 1 Cisco | 1 Ios Xr | 2013-11-14 | 4.3 MEDIUM | N/A |
| The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. | |||||
| CVE-2013-5566 | 1 Cisco | 2 Mds 9000, Nx-os | 2013-11-14 | 5.0 MEDIUM | N/A |
| Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. | |||||
| CVE-2013-6685 | 1 Cisco | 4 Unified Ip Phone 8961, Unified Ip Phone 9951, Unified Ip Phone 9971 and 1 more | 2013-11-14 | 6.6 MEDIUM | N/A |
| The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. | |||||
| CVE-2013-4740 | 1 Qualcomm | 1 Quic Mobile Station Modem Kernel | 2013-11-14 | 6.9 MEDIUM | N/A |
| goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values. | |||||
| CVE-2013-6683 | 1 Cisco | 1 Nx-os | 2013-11-14 | 6.1 MEDIUM | N/A |
| The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. | |||||