| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-3503 |
264 |
|
|
2013-05-08 |
2013-05-08 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
2 |
CVE-2013-2484 |
|
|
DoS |
2013-03-07 |
2013-04-10 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
3 |
CVE-2013-2483 |
189 |
|
DoS |
2013-03-07 |
2013-04-10 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. |
|
4 |
CVE-2013-2480 |
|
|
DoS |
2013-03-07 |
2013-04-10 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
5 |
CVE-2013-2479 |
|
|
DoS |
2013-03-07 |
2013-04-10 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. |
|
6 |
CVE-2013-2478 |
189 |
|
DoS Overflow |
2013-03-07 |
2013-04-10 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. |
|
7 |
CVE-2013-2477 |
119 |
|
DoS Overflow |
2013-03-07 |
2013-04-10 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
8 |
CVE-2013-2475 |
|
|
DoS |
2013-03-07 |
2013-04-10 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
9 |
CVE-2013-2406 |
|
|
|
2013-04-17 |
2013-04-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. |
|
10 |
CVE-2013-2403 |
|
|
|
2013-04-17 |
2013-04-18 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-0416. |
|
11 |
CVE-2013-2401 |
|
|
|
2013-04-17 |
2013-04-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal. |
|
12 |
CVE-2013-2391 |
|
|
|
2013-04-17 |
2013-04-18 |
3.0 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install. |
|
13 |
CVE-2013-2387 |
|
|
|
2013-04-17 |
2013-04-18 |
3.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. |
|
14 |
CVE-2013-2381 |
|
|
|
2013-04-17 |
2013-04-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges. |
|
15 |
CVE-2013-2379 |
|
|
|
2013-04-17 |
2013-04-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT. |
|
16 |
CVE-2013-2377 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to My Services. |
|
17 |
CVE-2013-1959 |
264 |
|
+Priv |
2013-05-03 |
2013-05-03 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. |
|
18 |
CVE-2013-1922 |
264 |
|
|
2013-05-13 |
2013-05-14 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004. |
|
19 |
CVE-2013-1840 |
200 |
|
+Info |
2013-03-22 |
2013-04-10 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. |
|
20 |
CVE-2013-1835 |
200 |
|
+Info |
2013-03-25 |
2013-03-26 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. |
|
21 |
CVE-2013-1833 |
79 |
|
XSS |
2013-03-25 |
2013-03-26 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. |
|
22 |
CVE-2013-1766 |
264 |
|
|
2013-03-20 |
2013-03-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. |
|
23 |
CVE-2013-1611 |
79 |
|
XSS |
2013-05-09 |
2013-05-10 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
24 |
CVE-2013-1567 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395. |
|
25 |
CVE-2013-1566 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. |
|
26 |
CVE-2013-1556 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to OTH. |
|
27 |
CVE-2013-1549 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 12.0.0 allows remote authenticated users to affect integrity via vectors related to BASE. |
|
28 |
CVE-2013-1548 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. |
|
29 |
CVE-2013-1547 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE. |
|
30 |
CVE-2013-1541 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to BASE. |
|
31 |
CVE-2013-1539 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to CTF. |
|
32 |
CVE-2013-1530 |
|
|
|
2013-04-17 |
2013-04-17 |
3.8 |
None |
Local |
High |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
|
33 |
CVE-2013-1511 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. |
|
34 |
CVE-2013-1503 |
|
|
|
2013-04-17 |
2013-04-17 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. |
|
35 |
CVE-2013-1290 |
264 |
|
Bypass |
2013-04-09 |
2013-04-10 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability." |
|
36 |
CVE-2013-1244 |
79 |
|
XSS |
2013-05-15 |
2013-05-16 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199. |
|
37 |
CVE-2013-0964 |
20 |
|
Bypass |
2013-01-29 |
2013-02-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page. |
|
38 |
CVE-2013-0944 |
200 |
|
+Info |
2013-05-03 |
2013-05-03 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL. |
|
39 |
CVE-2013-0914 |
264 |
|
Bypass |
2013-03-22 |
2013-05-14 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. |
|
40 |
CVE-2013-0672 |
79 |
|
XSS |
2013-03-21 |
2013-03-22 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. |
|
41 |
CVE-2013-0578 |
287 |
|
+Info |
2013-05-10 |
2013-05-10 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. |
|
42 |
CVE-2013-0553 |
|
|
|
2013-04-27 |
2013-04-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat users, or to all participants in a chat room, via a crafted Sametime Instant Message (IM). |
|
43 |
CVE-2013-0540 |
287 |
|
Bypass |
2013-04-24 |
2013-04-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. |
|
44 |
CVE-2013-0535 |
79 |
|
XSS |
2013-05-02 |
2013-05-03 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
45 |
CVE-2013-0533 |
79 |
|
XSS |
2013-04-27 |
2013-04-29 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
46 |
CVE-2013-0478 |
79 |
|
XSS |
2013-02-20 |
2013-02-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
47 |
CVE-2013-0457 |
79 |
|
XSS |
2013-02-20 |
2013-02-20 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. |
|
48 |
CVE-2013-0453 |
79 |
|
XSS |
2013-03-21 |
2013-03-22 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
|
49 |
CVE-2013-0414 |
|
|
|
2013-01-16 |
2013-01-17 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93. |
|
50 |
CVE-2013-0412 |
|
|
|
2013-04-17 |
2013-04-17 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. |
