CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2012-4112 264 Exec Code +Priv 2013-10-19 2013-10-21
6.8
None Local Low ??? Complete Complete Complete
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330.
552 CVE-2012-4111 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low ??? Complete Complete Complete
The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563.
553 CVE-2012-4110 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low ??? Complete Complete Complete
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560.
554 CVE-2012-4109 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low ??? Complete Complete Complete
The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559.
555 CVE-2012-4108 78 Exec Code +Priv 2013-10-13 2013-10-15
6.8
None Local Low ??? Complete Complete Complete
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554.
556 CVE-2012-4107 264 Exec Code +Priv 2013-10-13 2016-09-22
4.6
None Local Low ??? None Complete None
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489.
557 CVE-2012-4106 264 Exec Code +Priv 2013-10-13 2016-09-22
6.8
None Local Low ??? Complete Complete Complete
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477.
558 CVE-2012-4105 20 DoS 2013-10-13 2016-09-22
4.6
None Local Low ??? None None Complete
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468.
559 CVE-2012-4104 22 Dir. Trav. 2013-10-02 2013-10-03
6.6
None Local Medium ??? Complete Complete Complete
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.
560 CVE-2012-4103 20 +Priv 2013-10-02 2017-02-19
6.8
None Local Low ??? Complete Complete Complete
ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.
561 CVE-2012-4102 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low ??? Complete Complete Complete
The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600.
562 CVE-2012-4099 20 DoS 2013-10-14 2016-09-22
4.3
None Remote Medium Not required None None Partial
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.
563 CVE-2012-4098 20 DoS 2013-10-05 2017-08-29
5.0
None Remote Low Not required None None Partial
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.
564 CVE-2012-4097 20 DoS 2013-10-14 2016-09-22
4.3
None Remote Medium Not required None None Partial
The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043.
565 CVE-2012-4096 20 +Priv 2013-10-01 2013-10-01
6.2
None Local Low ??? Complete Complete None
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574.
566 CVE-2012-4095 20 +Priv 2013-10-02 2016-09-22
5.5
None Local High ??? Complete Complete None
The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521.
567 CVE-2012-4091 20 DoS 2013-10-05 2017-08-29
5.0
None Remote Low Not required None None Partial
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.
568 CVE-2012-4090 264 +Info 2013-10-05 2017-08-29
4.0
None Remote Low ??? Partial None None
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.
569 CVE-2012-4084 352 CSRF 2013-10-05 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.
570 CVE-2012-4077 264 Exec Code +Priv 2013-10-14 2016-09-23
6.8
None Local Low ??? Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
571 CVE-2012-4076 20 Exec Code +Priv 2013-10-14 2017-08-29
6.8
None Local Low ??? Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
572 CVE-2012-4075 78 Exec Code +Priv 2013-10-05 2017-08-29
7.2
None Local Low Not required Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
573 CVE-2012-3323 264 +Priv 2013-10-01 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.
574 CVE-2012-2126 310 2013-10-01 2014-01-14
4.3
None Remote Medium Not required None Partial None
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
575 CVE-2012-2125 2013-10-01 2014-01-14
5.8
None Remote Medium Not required Partial Partial None
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
576 CVE-2012-0827 264 2013-10-28 2013-10-29
3.5
None Remote Medium ??? Partial None None
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
577 CVE-2012-0826 352 DoS CSRF 2013-10-28 2014-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.
578 CVE-2012-0825 200 +Info 2013-10-28 2014-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
579 CVE-2011-4106 20 2 Exec Code 2013-10-26 2013-10-28
6.8
None Remote Medium Not required Partial Partial Partial
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
580 CVE-2011-2901 399 DoS 2013-10-01 2013-12-31
5.5
None Local Network Low ??? None None Complete
Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
581 CVE-2010-1159 119 DoS Exec Code Overflow 2013-10-28 2013-10-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
582 CVE-2009-5136 20 DoS 2013-10-11 2013-10-15
4.0
None Remote Low ??? None None Partial
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
583 CVE-2007-6755 310 2013-10-11 2016-11-28
5.8
None Remote Medium Not required Partial Partial None
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Total number of vulnerabilities : 583   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.