Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5160 | 1 Apple | 1 Iphone Os | 2013-10-07 | 3.3 LOW | N/A |
| Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | |||||
| CVE-2013-5161 | 1 Apple | 1 Iphone Os | 2013-10-07 | 4.4 MEDIUM | N/A |
| Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | |||||
| CVE-2013-5481 | 1 Cisco | 1 Ios | 2013-10-07 | 7.1 HIGH | N/A |
| The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. | |||||
| CVE-2013-0126 | 1 Verizon | 2 Fios Actiontec Mi424wr-gen31 Router, Fios Actiontec Mi424wr-gen31 Router Firmware | 2013-10-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. | |||||
| CVE-2013-5473 | 1 Cisco | 2 Ios, Ios Xe | 2013-10-07 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. | |||||
| CVE-2013-5093 | 1 Graphite Project | 1 Graphite | 2013-10-07 | 6.8 MEDIUM | N/A |
| The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | |||||
| CVE-2013-5476 | 1 Cisco | 1 Ios | 2013-10-07 | 7.8 HIGH | N/A |
| The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174. | |||||
| CVE-2013-5942 | 1 Graphite Project | 1 Graphite | 2013-10-07 | 6.8 MEDIUM | N/A |
| Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093. | |||||
| CVE-2013-5943 | 1 Graphite Project | 1 Graphite | 2013-10-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5480 | 1 Cisco | 1 Ios | 2013-10-07 | 7.8 HIGH | N/A |
| The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. | |||||
| CVE-2013-5479 | 1 Cisco | 1 Ios | 2013-10-07 | 7.8 HIGH | N/A |
| The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. | |||||
| CVE-2013-5478 | 1 Cisco | 2 Ios, Ios Xe | 2013-10-07 | 7.8 HIGH | N/A |
| Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. | |||||
| CVE-2013-5477 | 1 Cisco | 1 Ios | 2013-10-07 | 7.8 HIGH | N/A |
| The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. | |||||
| CVE-2013-5475 | 1 Cisco | 2 Ios, Ios Xe | 2013-10-07 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. | |||||
| CVE-2013-5474 | 1 Cisco | 1 Ios | 2013-10-07 | 7.8 HIGH | N/A |
| Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812. | |||||
| CVE-2013-2704 | 2 Metin Saylan, Wordpress | 2 Dropdown Menu Widget, Wordpress | 2013-10-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. | |||||
| CVE-2013-1190 | 1 Cisco | 1 Unified Computing System | 2013-10-07 | 5.0 MEDIUM | N/A |
| The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850. | |||||
| CVE-2013-4679 | 1 Symantec | 1 Workspace Virtualization | 2013-10-07 | 6.6 MEDIUM | N/A |
| Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system. | |||||
| CVE-2013-1630 | 1 Guillaume Gauvrit | 1 Pyshop | 2013-10-07 | 6.8 MEDIUM | N/A |
| pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation. | |||||
| CVE-2013-2202 | 1 Wordpress | 1 Wordpress | 2013-10-07 | 4.3 MEDIUM | N/A |
| WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||