Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2891 | 1 Linux | 1 Linux Kernel | 2013-09-18 | 4.7 MEDIUM | N/A |
| drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. | |||||
| CVE-2013-2890 | 1 Linux | 1 Linux Kernel | 2013-09-18 | 4.7 MEDIUM | N/A |
| drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. | |||||
| CVE-2013-1033 | 1 Apple | 1 Mac Os X | 2013-09-18 | 5.5 MEDIUM | N/A |
| Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | |||||
| CVE-2013-1029 | 1 Apple | 1 Mac Os X | 2013-09-18 | 4.9 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. | |||||
| CVE-2013-1030 | 1 Apple | 1 Mac Os X | 2013-09-18 | 2.1 LOW | N/A |
| mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2013-1027 | 1 Apple | 1 Mac Os X | 2013-09-18 | 6.8 MEDIUM | N/A |
| Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2013-5021 | 2 Abb, Ni | 5 Datamanager, Labview, Labwindows and 2 more | 2013-09-17 | 9.3 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. | |||||
| CVE-2013-5022 | 1 Ni | 4 Labview, Labwindows, Measurementstudio and 1 more | 2013-09-17 | 10.0 HIGH | N/A |
| Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value. | |||||
| CVE-2013-5026 | 1 Ni | 1 Lookout | 2013-09-17 | 9.3 HIGH | N/A |
| An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file. | |||||
| CVE-2013-5649 | 1 Juniper | 1 Ive Os | 2013-09-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page. | |||||
| CVE-2013-4298 | 1 Imagemagick | 1 Imagemagick | 2013-09-17 | 4.3 MEDIUM | N/A |
| The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image. | |||||
| CVE-2012-3748 | 1 Apple | 2 Iphone Os, Safari | 2013-09-17 | 5.1 MEDIUM | N/A |
| Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | |||||
| CVE-2013-3615 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2013-09-17 | 7.8 HIGH | N/A |
| Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. | |||||
| CVE-2013-3613 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2013-09-17 | 7.8 HIGH | N/A |
| Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | |||||
| CVE-2013-3612 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2013-09-17 | 10.0 HIGH | N/A |
| Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors. | |||||
| CVE-2013-5620 | 2013-09-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. | |||||
| CVE-2013-5621 | 2013-09-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. | |||||
| CVE-2013-5622 | 2013-09-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. | |||||
| CVE-2013-5623 | 2013-09-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. | |||||
| CVE-2013-5624 | 2013-09-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions. | |||||