Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3543 | 1 Axis | 1 Media Control Activex Control | 2024-11-21 | 8.8 HIGH | N/A |
| The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods. | |||||
| CVE-2013-3519 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2024-11-21 | 7.9 HIGH | N/A |
| lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. | |||||
| CVE-2013-3509 | 1 Gwos | 1 Groundwork Monitor | 2024-11-21 | 6.5 MEDIUM | N/A |
| html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu. | |||||
| CVE-2013-3506 | 1 Gwos | 1 Groundwork Monitor | 2024-11-21 | 7.5 HIGH | N/A |
| cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality. | |||||
| CVE-2013-3503 | 1 Gwos | 1 Groundwork Monitor | 2024-11-21 | 3.5 LOW | N/A |
| The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-3500 | 1 Gwos | 1 Groundwork Monitor | 2024-11-21 | 7.5 HIGH | N/A |
| The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script. | |||||
| CVE-2013-3499 | 1 Gwos | 1 Groundwork Monitor | 2024-11-21 | 7.5 HIGH | N/A |
| GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header. | |||||
| CVE-2013-3496 | 1 Infotecs | 4 Vipnet Client, Vipnet Coordinator, Vipnet Personal Firewall and 1 more | 2024-11-21 | 7.2 HIGH | N/A |
| Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. | |||||
| CVE-2013-3495 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-11-21 | 4.7 MEDIUM | N/A |
| The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). | |||||
| CVE-2013-3463 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2024-11-21 | 4.3 MEDIUM | N/A |
| The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899. | |||||
| CVE-2013-3448 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 4.0 MEDIUM | N/A |
| Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315. | |||||
| CVE-2013-3445 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 5.0 MEDIUM | N/A |
| The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572. | |||||
| CVE-2013-3438 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2024-11-21 | 5.0 MEDIUM | N/A |
| The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385. | |||||
| CVE-2013-3436 | 1 Cisco | 1 Ios | 2024-11-21 | 5.0 MEDIUM | N/A |
| The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. | |||||
| CVE-2013-3426 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810. | |||||
| CVE-2013-3425 | 1 Cisco | 1 Webex | 2024-11-21 | 4.0 MEDIUM | N/A |
| The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965. | |||||
| CVE-2013-3408 | 1 Cisco | 3 Virtualization Experience Client 6000, Virtualization Experience Client 6000 Series Firmware, Virtualization Experience Client 6215 | 2024-11-21 | 6.8 MEDIUM | N/A |
| The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764. | |||||
| CVE-2013-3407 | 1 Cisco | 1 Server Provisioner | 2024-11-21 | 5.0 MEDIUM | N/A |
| The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. | |||||
| CVE-2013-3405 | 1 Cisco | 1 Telepresence Tc Software | 2024-11-21 | 4.3 MEDIUM | N/A |
| The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071. | |||||
| CVE-2013-3379 | 1 Cisco | 1 Telepresence Tc Software | 2024-11-21 | 8.3 HIGH | N/A |
| The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root privileges by leveraging connectivity to the management network, aka Bug ID CSCts37781. | |||||