Total
5231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5754 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2024-11-21 | 10.0 HIGH | N/A |
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612. | |||||
CVE-2013-5725 | 1 Metaclassy | 1 Byword | 2024-11-21 | 5.0 MEDIUM | N/A |
The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL. | |||||
CVE-2013-5724 | 1 Debian | 1 Phpbb3 | 2024-11-21 | 2.1 LOW | N/A |
Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. | |||||
CVE-2013-5718 | 1 Wireshark | 1 Wireshark | 2024-11-21 | 4.3 MEDIUM | N/A |
The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2013-5710 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 3.7 LOW | N/A |
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance. | |||||
CVE-2013-5701 | 1 Watchguard | 1 Server Center | 2024-11-21 | 7.2 HIGH | N/A |
Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory. | |||||
CVE-2013-5691 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 6.9 MEDIUM | N/A |
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application. | |||||
CVE-2013-5663 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | N/A |
The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195. | |||||
CVE-2013-5606 | 1 Mozilla | 1 Network Security Services | 2024-11-21 | 5.8 MEDIUM | N/A |
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. | |||||
CVE-2013-5598 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-11-21 | 8.3 HIGH | N/A |
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. | |||||
CVE-2013-5572 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 3.5 LOW | N/A |
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code. | |||||
CVE-2013-5556 | 1 Cisco | 1 Nexus 1000v | 2024-11-21 | 6.8 MEDIUM | N/A |
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. | |||||
CVE-2013-5552 | 1 Cisco | 2 Content Services Gateway, Ios | 2024-11-21 | 6.4 MEDIUM | N/A |
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143. | |||||
CVE-2013-5548 | 1 Cisco | 1 Ios | 2024-11-21 | 4.3 MEDIUM | N/A |
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. | |||||
CVE-2013-5538 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2024-11-21 | 5.0 MEDIUM | N/A |
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. | |||||
CVE-2013-5522 | 1 Cisco | 2 Catalyst 3750-x, Ios | 2024-11-21 | 6.8 MEDIUM | N/A |
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | |||||
CVE-2013-5521 | 1 Cisco | 1 Identity Services Engine Software | 2024-11-21 | 5.0 MEDIUM | N/A |
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. | |||||
CVE-2013-5509 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | 10.0 HIGH | N/A |
The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468. | |||||
CVE-2013-5506 | 1 Cisco | 1 Firewall Services Module Software | 2024-11-21 | 6.6 MEDIUM | N/A |
The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080. | |||||
CVE-2013-5502 | 1 Cisco | 1 Mediasense | 2024-11-21 | 5.0 MEDIUM | N/A |
The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344. |