Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3473 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-09-23 | 7.8 HIGH | N/A |
| The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. | |||||
| CVE-2013-5696 | 1 Glpi-project | 1 Glpi | 2013-09-23 | 6.8 MEDIUM | N/A |
| inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action. | |||||
| CVE-2013-5918 | 2 Platinum Seo Project, Wordpress | 2 Platinum Seo Plugin, Wordpress | 2013-09-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2013-4706 | 1 Dlink | 2 Dwl-2100ap, Dwl-2100ap Firmware | 2013-09-23 | 6.3 MEDIUM | N/A |
| The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. | |||||
| CVE-2013-4707 | 1 Dlink | 2 Des-3810, Des-3810 Firmware | 2013-09-23 | 6.3 MEDIUM | N/A |
| The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | |||||
| CVE-2013-5917 | 2 Rodrigo Coimbra, Wordpress | 2 Nospam Pti, Wordpress | 2013-09-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. | |||||
| CVE-2013-1130 | 2 Apple, Cisco | 2 Mac Os X, Anyconnect Secure Mobility Client | 2013-09-23 | 6.8 MEDIUM | N/A |
| Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | |||||
| CVE-2013-1121 | 1 Cisco | 1 Nx-os | 2013-09-19 | 5.4 MEDIUM | N/A |
| The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. | |||||
| CVE-2013-1031 | 1 Apple | 1 Mac Os X | 2013-09-19 | 3.3 LOW | N/A |
| Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. | |||||
| CVE-2013-5134 | 2013-09-19 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned to an issue that is not within the scope of CVE. Notes: none. | |||||
| CVE-2013-4138 | 2 Alienwp, Drupal | 2 Hatch, Drupal | 2013-09-18 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3277 | 1 Emc | 1 Rsa Archer Egrc | 2013-09-18 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-3458 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2013-09-18 | 7.1 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462. | |||||
| CVE-2013-5714 | 2 Videowhisper, Wordpress | 2 Live Streaming Integration Plugin, Wordpress | 2013-09-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-2297 | 1 Eucalyptus | 1 Eustore | 2013-09-18 | 6.9 MEDIUM | N/A |
| Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069. | |||||
| CVE-2013-2296 | 1 Eucalyptus | 1 Eucalyptus | 2013-09-18 | 5.5 MEDIUM | N/A |
| Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request. | |||||
| CVE-2012-4067 | 1 Eucalyptus | 1 Eucalyptus | 2013-09-18 | 4.3 MEDIUM | N/A |
| Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request. | |||||
| CVE-2013-2788 | 1 Subnet | 1 Substation Server | 2013-09-18 | 4.3 MEDIUM | N/A |
| The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. | |||||
| CVE-2013-4766 | 1 Eucalyptus | 1 Eucalyptus | 2013-09-18 | 4.3 MEDIUM | N/A |
| The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component. | |||||
| CVE-2013-5132 | 1 Apple | 1 Airport Base Station Firmware | 2013-09-18 | 5.4 MEDIUM | N/A |
| Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame. | |||||