Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4266 | 2013-08-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5123. Reason: This candidate is a reservation duplicate of CVE-2013-5123. Notes: All CVE users should reference CVE-2013-5123 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2013-4328 | 2013-08-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4238. Reason: This candidate is a duplicate of CVE-2013-4238. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-4238 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-4464 | 1 Ruby-lang | 1 Ruby | 2013-08-27 | 5.0 MEDIUM | N/A |
| Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression. | |||||
| CVE-2012-1118 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 4.3 MEDIUM | N/A |
| The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports. | |||||
| CVE-2012-1122 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 3.6 LOW | N/A |
| bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project. | |||||
| CVE-2011-3755 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 5.0 MEDIUM | N/A |
| MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files. | |||||
| CVE-2011-2938 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php. | |||||
| CVE-2010-4350 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | |||||
| CVE-2010-4348 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | |||||
| CVE-2010-3763 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303. | |||||
| CVE-2010-3303 | 1 Mantisbt | 1 Mantisbt | 2013-08-27 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php. | |||||
| CVE-2013-5578 | 1 Staruml | 1 Staruml | 2013-08-26 | 9.3 HIGH | N/A |
| Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument. | |||||
| CVE-2013-4220 | 1 Linux | 1 Linux Kernel | 2013-08-26 | 4.9 MEDIUM | N/A |
| The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attempted register access that triggers an unexpected value in the Exception Syndrome Register (ESR). | |||||
| CVE-2013-4219 | 1 Intel | 1 Wimax Network Service | 2013-08-26 | 7.5 HIGH | N/A |
| Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c. | |||||
| CVE-2013-4217 | 1 Intel | 1 Wimax Network Service | 2013-08-26 | 2.1 LOW | N/A |
| The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file. | |||||
| CVE-2013-3388 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-08-26 | 7.8 HIGH | N/A |
| Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776. | |||||
| CVE-2012-6589 | 1 Myrephp | 1 Myre Business Directory | 2013-08-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter. | |||||
| CVE-2012-6585 | 1 Myrephp | 1 Myre Realty Manager | 2013-08-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter. | |||||
| CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2013-08-26 | 6.9 MEDIUM | N/A |
| vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | |||||
| CVE-2013-5587 | 1 Bestpractical | 1 Rt | 2013-08-26 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions. | |||||
| CVE-2013-3374 | 1 Bestpractical | 1 Rt | 2013-08-26 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use." | |||||
| CVE-2013-3373 | 1 Bestpractical | 1 Rt | 2013-08-26 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header. | |||||
| CVE-2013-3371 | 1 Bestpractical | 1 Rt | 2013-08-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment. | |||||
| CVE-2013-3370 | 1 Bestpractical | 1 Rt | 2013-08-26 | 6.8 MEDIUM | N/A |
| Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request. | |||||
| CVE-2013-3368 | 1 Bestpractical | 1 Rt | 2013-08-26 | 3.3 LOW | N/A |
| bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name. | |||||
| CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2013-08-26 | 5.8 MEDIUM | N/A |
| The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-2802 | 1 Sixnet | 2 Rtu Firmware, Udr | 2013-08-23 | 10.0 HIGH | N/A |
| The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. | |||||
| CVE-2013-2801 | 1 Osisoft | 1 Pi Interface | 2013-08-23 | 5.0 MEDIUM | N/A |
| The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation. | |||||
| CVE-2013-2299 | 1 Advantech | 1 Advantech Webaccess | 2013-08-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2003-0773 | 1 Sane | 2 Sane, Sane-backend | 2013-08-23 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf. | |||||
| CVE-2013-3764 | 1 Oracle | 1 Fusion Middleware | 2013-08-22 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763. | |||||
| CVE-2013-3779 | 1 Oracle | 2 Virtualization, Vm Virtualbox | 2013-08-22 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. | |||||
| CVE-2013-3823 | 1 Oracle | 1 Supply Chain Products Suite | 2013-08-22 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2013-3956 | 2 Microsoft, Novell | 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more | 2013-08-22 | 7.2 HIGH | N/A |
| The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. | |||||
| CVE-2013-4575 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 7.9 HIGH | N/A |
| Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-4676 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console. | |||||
| CVE-2013-4677 | 1 Symantec | 1 Backup Exec | 2013-08-22 | 4.3 MEDIUM | N/A |
| Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files. | |||||
| CVE-2013-4684 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2013-08-22 | 7.8 HIGH | N/A |
| flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253. | |||||
| CVE-2013-4685 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2013-08-22 | 10.0 HIGH | N/A |
| Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100. | |||||
| CVE-2013-4686 | 1 Juniper | 1 Junos | 2013-08-22 | 7.1 HIGH | N/A |
| The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings, allows remote attackers to cause a denial of service (device crash) via a crafted ARP request, aka PR 842091. | |||||
| CVE-2013-4687 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2013-08-22 | 7.8 HIGH | N/A |
| flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593. | |||||
| CVE-2013-4688 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2013-08-22 | 7.8 HIGH | N/A |
| flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. | |||||
| CVE-2013-4778 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-22 | 7.8 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors. | |||||
| CVE-2013-4779 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4780 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-22 | 7.8 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-4781 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-22 | 10.0 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-4805 | 1 Hp | 1 Integrated Lights-out Firmware | 2013-08-22 | 9.0 HIGH | N/A |
| Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2013-4874 | 1 Verizon | 1 Wireless Network Extender | 2013-08-22 | 6.2 MEDIUM | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. | |||||
| CVE-2013-4875 | 1 Verizon | 1 Wireless Network Extender | 2013-08-22 | 6.2 MEDIUM | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. | |||||
| CVE-2013-4877 | 1 Verizon | 1 Wireless Network Extender | 2013-08-22 | 2.6 LOW | N/A |
| The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | |||||