Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3044 | 1 Ibm | 1 Lotus Sametime | 2024-11-21 | 3.5 LOW | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges. | |||||
| CVE-2013-3037 | 1 Ibm | 1 Rational Requirements Composer | 2024-11-21 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. | |||||
| CVE-2013-3024 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. | |||||
| CVE-2013-3016 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. | |||||
| CVE-2013-3005 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 8.5 HIGH | N/A |
| The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. | |||||
| CVE-2013-2997 | 1 Ibm | 1 Security Appscan | 2024-11-21 | 1.7 LOW | N/A |
| IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2013-2989 | 1 Ibm | 1 Sterling Connect | 2024-11-21 | 6.8 MEDIUM | N/A |
| The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product. | |||||
| CVE-2013-2974 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | 7.5 HIGH | N/A |
| The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL. | |||||
| CVE-2013-2934 | 1 Citrix | 1 Cloudportal Services Manager | 2024-11-21 | 10.0 HIGH | N/A |
| Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2013-2930 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.6 LOW | N/A |
| The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. | |||||
| CVE-2013-2929 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 LOW | N/A |
| The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. | |||||
| CVE-2013-2905 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 5.0 MEDIUM | N/A |
| The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. | |||||
| CVE-2013-2881 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 5.8 MEDIUM | N/A |
| Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2013-2876 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 5.0 MEDIUM | N/A |
| browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page. | |||||
| CVE-2013-2874 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | 4.3 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures. | |||||
| CVE-2013-2866 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. | |||||
| CVE-2013-2835 | 1 Google | 1 Chrome Os | 2024-11-21 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834. | |||||
| CVE-2013-2834 | 1 Google | 1 Chrome Os | 2024-11-21 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. | |||||
| CVE-2013-2826 | 1 Wellintech | 3 Kingalarm\&event, Kinggraphic, Kingscada | 2024-11-21 | 6.4 MEDIUM | N/A |
| WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130. | |||||
| CVE-2013-2796 | 1 Schneider-electric | 3 Citectscada, Powerlogic Scada, Vijeo Citect | 2024-11-21 | 6.9 MEDIUM | N/A |
| Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||