Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5148 | 1 Apple | 1 Keynote | 2024-11-21 | 7.2 HIGH | N/A |
| Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. | |||||
| CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2024-11-21 | 6.3 MEDIUM | N/A |
| kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||||
| CVE-2013-5144 | 1 Apple | 1 Iphone Os | 2024-11-21 | 3.3 LOW | N/A |
| Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | |||||
| CVE-2013-5137 | 1 Apple | 1 Iphone Os | 2024-11-21 | 2.6 LOW | N/A |
| IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | |||||
| CVE-2013-5133 | 1 Apple | 1 Iphone Os | 2024-11-21 | 8.8 HIGH | N/A |
| Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. | |||||
| CVE-2013-5097 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2024-11-21 | 4.0 MEDIUM | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462. | |||||
| CVE-2013-5096 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2024-11-21 | 4.0 MEDIUM | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804. | |||||
| CVE-2013-5057 | 1 Microsoft | 1 Office | 2024-11-21 | 4.3 MEDIUM | N/A |
| hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability." | |||||
| CVE-2013-5030 | 1 Ruckuswireless | 2 Zoneflex 2942, Zoneflex 2942 Firmware | 2024-11-21 | 7.2 HIGH | N/A |
| Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt. | |||||
| CVE-2013-5016 | 2 Broadcom, Microsoft | 2 Symantec Critical System Protection, Windows 2003 Server | 2024-11-21 | 7.6 HIGH | N/A |
| Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. | |||||
| CVE-2013-5010 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | N/A |
| The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. | |||||
| CVE-2013-4987 | 1 Pineapp | 1 Mail-secure | 2024-11-21 | 8.5 HIGH | N/A |
| PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. | |||||
| CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2024-11-21 | 7.2 HIGH | N/A |
| The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | |||||
| CVE-2013-4971 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 5.0 MEDIUM | N/A |
| Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-4964 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 5.0 MEDIUM | N/A |
| Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2013-4956 | 2 Puppet, Puppetlabs | 3 Puppet, Puppet Enterprise, Puppet | 2024-11-21 | 3.6 LOW | N/A |
| Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. | |||||
| CVE-2013-4943 | 1 Siemens | 1 Comos | 2024-11-21 | 7.2 HIGH | N/A |
| The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. | |||||
| CVE-2013-4938 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | N/A |
| The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | |||||
| CVE-2013-4878 | 2 Linux, Parallels | 3 Linux Kernel, Parallels Plesk Panel, Parallels Small Business Panel | 2024-11-21 | 7.5 HIGH | N/A |
| The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. | |||||
| CVE-2013-4872 | 1 Google | 1 Glass | 2024-11-21 | 6.9 MEDIUM | N/A |
| Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack. | |||||