| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-3507 |
200 |
|
+Info |
2013-05-08 |
2013-05-08 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context. |
|
2 |
CVE-2013-3502 |
255 |
|
Exec Code +Info |
2013-05-08 |
2013-05-08 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie. |
|
3 |
CVE-2013-3237 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
4 |
CVE-2013-3236 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
5 |
CVE-2013-3235 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
6 |
CVE-2013-3234 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
7 |
CVE-2013-3233 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
8 |
CVE-2013-3232 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
9 |
CVE-2013-3231 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
10 |
CVE-2013-3230 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
11 |
CVE-2013-3229 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
12 |
CVE-2013-3228 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
13 |
CVE-2013-3227 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
14 |
CVE-2013-3226 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
15 |
CVE-2013-3225 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
16 |
CVE-2013-3224 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
17 |
CVE-2013-3223 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
18 |
CVE-2013-3222 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. |
|
19 |
CVE-2013-3210 |
200 |
|
+Info |
2013-04-19 |
2013-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. |
|
20 |
CVE-2013-3076 |
200 |
|
+Info |
2013-04-22 |
2013-04-22 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. |
|
21 |
CVE-2013-3060 |
287 |
|
DoS +Info |
2013-04-21 |
2013-04-22 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. |
|
22 |
CVE-2013-3055 |
264 |
|
Exec Code +Info |
2013-04-24 |
2013-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors. |
|
23 |
CVE-2013-2848 |
200 |
|
XSS +Info |
2013-05-22 |
2013-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. |
|
24 |
CVE-2013-2832 |
119 |
|
Overflow +Info |
2013-04-16 |
2013-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
|
25 |
CVE-2013-2744 |
200 |
|
+Info |
2013-04-02 |
2013-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function. |
|
26 |
CVE-2013-2741 |
287 |
|
+Info |
2013-04-02 |
2013-04-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request. |
|
27 |
CVE-2013-2737 |
200 |
|
+Info |
2013-05-16 |
2013-05-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors. |
|
28 |
CVE-2013-2636 |
399 |
|
+Info |
2013-03-22 |
2013-04-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
|
29 |
CVE-2013-2635 |
399 |
|
+Info |
2013-03-22 |
2013-04-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
30 |
CVE-2013-2634 |
399 |
|
+Info |
2013-03-22 |
2013-04-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
|
31 |
CVE-2013-2633 |
20 |
|
+Info |
2013-03-21 |
2013-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. |
|
32 |
CVE-2013-2548 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |
|
33 |
CVE-2013-2547 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
|
34 |
CVE-2013-2546 |
310 |
|
+Info |
2013-03-15 |
2013-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. |
|
35 |
CVE-2013-2373 |
264 |
|
+Info |
2013-03-15 |
2013-03-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. |
|
36 |
CVE-2013-2371 |
200 |
|
+Info |
2013-03-15 |
2013-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request. |
|
37 |
CVE-2013-2308 |
200 |
|
Bypass +Info |
2013-05-09 |
2013-05-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Service Gate allow remote authenticated users to discover their own passwords, and consequently bypass an Office 365 restriction, via unspecified vectors. |
|
38 |
CVE-2013-2304 |
264 |
|
+Info |
2013-04-16 |
2013-04-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. |
|
39 |
CVE-2013-2302 |
200 |
|
+Info |
2013-04-04 |
2013-04-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a TELNET or SSH session to the server. |
|
40 |
CVE-2013-2301 |
264 |
|
+Info |
2013-03-29 |
2013-03-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. |
|
41 |
CVE-2013-2300 |
264 |
|
+Info |
2013-03-27 |
2013-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. |
|
42 |
CVE-2013-2273 |
200 |
|
+Info |
2013-03-12 |
2013-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain potentially sensitive information about returned change by leveraging certain predictability in the outputs of a Bitcoin transaction. |
|
43 |
CVE-2013-2272 |
200 |
|
+Info |
2013-03-12 |
2013-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet addresses and IP addresses via a series of large Bitcoin transactions with insufficient fees. |
|
44 |
CVE-2013-2264 |
200 |
|
+Info |
2013-04-01 |
2013-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur. |
|
45 |
CVE-2013-2082 |
|
|
+Info |
2013-05-24 |
2013-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request. |
|
46 |
CVE-2013-2081 |
|
|
+Info |
2013-05-24 |
2013-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. |
|
47 |
CVE-2013-2080 |
|
|
+Info |
2013-05-24 |
2013-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report. |
|
48 |
CVE-2013-2006 |
200 |
|
+Info |
2013-05-21 |
2013-05-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. |
|
49 |
CVE-2013-1977 |
264 |
|
+Info |
2013-05-21 |
2013-05-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. |
|
50 |
CVE-2013-1964 |
264 |
|
DoS +Info |
2013-05-21 |
2013-05-22 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. |
