Total
5231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6398 | 1 Apache | 1 Cloudstack | 2024-11-21 | 2.8 LOW | N/A |
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | |||||
CVE-2013-6383 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.9 MEDIUM | N/A |
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. | |||||
CVE-2013-6375 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-11-21 | 7.9 HIGH | N/A |
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." | |||||
CVE-2013-6373 | 1 Jenkins-ci | 1 Exclusion | 2024-11-21 | 5.5 MEDIUM | N/A |
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. | |||||
CVE-2013-6319 | 1 Ibm | 1 Algo One | 2024-11-21 | 4.0 MEDIUM | N/A |
IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions and read content via unspecified vectors. | |||||
CVE-2013-6316 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | 4.3 MEDIUM | N/A |
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. | |||||
CVE-2013-6271 | 1 Google | 1 Android | 2024-11-21 | 8.8 HIGH | N/A |
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. | |||||
CVE-2013-6246 | 1 Dell | 1 Quest One Password Manager | 2024-11-21 | 5.0 MEDIUM | N/A |
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. | |||||
CVE-2013-6230 | 1 Isc | 1 Bind | 2024-11-21 | 6.8 MEDIUM | N/A |
The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask. | |||||
CVE-2013-6180 | 1 Emc | 2 Rsa Netwitness Nextgen, Rsa Security Analytics | 2024-11-21 | 6.8 MEDIUM | N/A |
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent. | |||||
CVE-2013-6129 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 7.5 HIGH | N/A |
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013. | |||||
CVE-2013-6128 | 1 Wellintech | 1 Kingview | 2024-11-21 | 5.8 MEDIUM | N/A |
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack. | |||||
CVE-2013-6077 | 1 Citrix | 1 Xendesktop | 2024-11-21 | 5.8 MEDIUM | N/A |
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | |||||
CVE-2013-6026 | 3 Alphanetworks, Dlink, Planex | 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more | 2024-11-21 | 10.0 HIGH | N/A |
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | |||||
CVE-2013-6004 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2013-5975 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2013-5973 | 1 Vmware | 2 Esx, Esxi | 2024-11-21 | 4.4 MEDIUM | N/A |
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. | |||||
CVE-2013-5972 | 1 Vmware | 2 Player, Workstation | 2024-11-21 | 7.2 HIGH | N/A |
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. | |||||
CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | |||||
CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2024-11-21 | 5.0 MEDIUM | N/A |
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. |