| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
56201 |
CVE-2013-6738 |
79 |
|
XSS |
2014-04-24 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint. |
|
56202 |
CVE-2013-6737 |
264 |
|
|
2014-06-21 |
2017-08-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. |
|
56203 |
CVE-2013-6735 |
264 |
|
+Info |
2013-12-22 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. |
|
56204 |
CVE-2013-6733 |
79 |
|
XSS |
2013-12-17 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
56205 |
CVE-2013-6732 |
79 |
|
XSS |
2014-02-22 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. |
|
56206 |
CVE-2013-6731 |
264 |
|
|
2014-02-26 |
2017-08-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request. |
|
56207 |
CVE-2013-6730 |
264 |
|
Bypass |
2014-03-04 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. |
|
56208 |
CVE-2013-6728 |
264 |
|
|
2014-02-14 |
2017-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory. |
|
56209 |
CVE-2013-6727 |
264 |
|
+Info |
2014-01-31 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. |
|
56210 |
CVE-2013-6724 |
|
|
Exec Code |
2014-02-01 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value. |
|
56211 |
CVE-2013-6723 |
264 |
|
+Info |
2013-12-22 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors. |
|
56212 |
CVE-2013-6722 |
|
|
DoS |
2014-02-14 |
2017-08-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors. |
|
56213 |
CVE-2013-6720 |
22 |
1
|
Dir. Trav. Bypass |
2014-03-06 |
2017-08-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file. |
|
56214 |
CVE-2013-6719 |
78 |
1
|
Exec Code |
2014-03-06 |
2017-08-28 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter. |
|
56215 |
CVE-2013-6718 |
310 |
|
|
2013-11-30 |
2017-08-28 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. |
|
56216 |
CVE-2013-6717 |
|
|
DoS |
2013-12-19 |
2018-09-25 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors. |
|
56217 |
CVE-2013-6714 |
264 |
|
DoS |
2014-05-26 |
2017-08-28 |
4.1 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
Partial |
|
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions. |
|
56218 |
CVE-2013-6713 |
264 |
|
DoS |
2014-05-26 |
2017-08-28 |
4.1 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
Partial |
|
The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions. |
|
56219 |
CVE-2013-6712 |
119 |
|
DoS Overflow |
2013-11-27 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. |
|
56220 |
CVE-2013-6711 |
79 |
|
XSS |
2013-12-14 |
2016-09-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540. |
|
56221 |
CVE-2013-6710 |
352 |
|
CSRF |
2013-12-14 |
2016-09-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. |
|
56222 |
CVE-2013-6709 |
200 |
|
Bypass +Info |
2013-12-14 |
2016-09-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. |
|
56223 |
CVE-2013-6708 |
264 |
|
|
2013-12-10 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. |
|
56224 |
CVE-2013-6707 |
399 |
|
DoS |
2013-12-07 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233. |
|
56225 |
CVE-2013-6706 |
20 |
|
DoS |
2013-11-28 |
2016-11-02 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. |
|
56226 |
CVE-2013-6705 |
20 |
|
DoS |
2013-12-03 |
2016-09-15 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. |
|
56227 |
CVE-2013-6704 |
399 |
|
DoS |
2013-12-03 |
2016-09-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. |
|
56228 |
CVE-2013-6703 |
20 |
|
DoS |
2013-12-03 |
2016-09-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787. |
|
56229 |
CVE-2013-6702 |
20 |
|
DoS |
2013-12-04 |
2016-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902. |
|
56230 |
CVE-2013-6701 |
20 |
|
DoS |
2013-12-18 |
2016-09-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155. |
|
56231 |
CVE-2013-6700 |
20 |
|
DoS |
2013-11-28 |
2013-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. |
|
56232 |
CVE-2013-6699 |
119 |
|
DoS Overflow |
2013-11-22 |
2014-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. |
|
56233 |
CVE-2013-6698 |
264 |
|
XSS |
2013-11-22 |
2013-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821. |
|
56234 |
CVE-2013-6696 |
20 |
|
DoS |
2013-12-02 |
2014-03-04 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861. |
|
56235 |
CVE-2013-6695 |
264 |
|
+Info |
2013-12-02 |
2014-03-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274. |
|
56236 |
CVE-2013-6694 |
20 |
|
DoS |
2013-11-22 |
2013-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. |
|
56237 |
CVE-2013-6693 |
119 |
|
DoS Overflow |
2013-11-21 |
2013-11-22 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345. |
|
56238 |
CVE-2013-6692 |
399 |
|
DoS |
2013-11-21 |
2013-11-22 |
6.3 |
None |
Remote |
Medium |
Single system |
None |
None |
Complete |
|
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. |
|
56239 |
CVE-2013-6691 |
119 |
|
DoS Overflow |
2014-07-14 |
2017-08-28 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344. |
|
56240 |
CVE-2013-6690 |
79 |
|
XSS |
2013-12-03 |
2016-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. |
|
56241 |
CVE-2013-6689 |
20 |
|
Bypass |
2013-11-17 |
2013-11-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. |
|
56242 |
CVE-2013-6688 |
22 |
|
Dir. Trav. |
2013-11-17 |
2013-11-19 |
6.3 |
None |
Remote |
Medium |
Single system |
None |
Complete |
None |
|
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. |
|
56243 |
CVE-2013-6687 |
255 |
|
|
2014-01-16 |
2014-01-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. |
|
56244 |
CVE-2013-6686 |
20 |
|
DoS |
2013-11-17 |
2013-11-19 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568. |
|
56245 |
CVE-2013-6685 |
264 |
|
+Priv |
2013-11-13 |
2013-11-14 |
6.6 |
None |
Local |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. |
|
56246 |
CVE-2013-6684 |
20 |
|
DoS |
2013-11-13 |
2013-11-14 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011. |
|
56247 |
CVE-2013-6683 |
20 |
|
DoS |
2013-11-13 |
2013-11-14 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. |
|
56248 |
CVE-2013-6682 |
20 |
|
DoS |
2013-11-13 |
2013-11-14 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database corruption) via an invalid entry, aka Bug ID CSCui33299. |
|
56249 |
CVE-2013-6674 |
79 |
|
XSS |
2014-02-17 |
2015-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018. |
|
56250 |
CVE-2013-6673 |
310 |
|
|
2013-12-11 |
2018-10-30 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. |
