CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8601 CVE-2013-7027 119 DoS Overflow 2013-12-09 2014-03-16
6.1
None Local Network Low Not required None None Complete
The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.
8602 CVE-2013-7024 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
8603 CVE-2013-7023 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
8604 CVE-2013-7022 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
8605 CVE-2013-7021 399 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data.
8606 CVE-2013-7020 119 DoS Overflow 2013-12-09 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
8607 CVE-2013-7019 20 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
8608 CVE-2013-7018 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
8609 CVE-2013-7017 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data.
8610 CVE-2013-7016 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
8611 CVE-2013-7015 20 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.
8612 CVE-2013-7014 189 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data.
8613 CVE-2013-7013 189 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data.
8614 CVE-2013-7012 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.
8615 CVE-2013-7011 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
8616 CVE-2013-7010 189 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data.
8617 CVE-2013-7009 119 DoS Overflow 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.
8618 CVE-2013-7008 DoS 2013-12-09 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data.
8619 CVE-2013-6994 310 2014-05-19 2014-05-19
6.4
None Remote Low Not required Partial Partial None
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.
8620 CVE-2013-6992 352 XSS CSRF 2014-01-03 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php.
8621 CVE-2013-6983 89 Exec Code Sql 2013-12-31 2017-08-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
8622 CVE-2013-6976 352 1 CSRF 2013-12-19 2016-09-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
8623 CVE-2013-6942 352 CSRF 2014-03-11 2014-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
8624 CVE-2013-6937 119 1 Exec Code Overflow 2013-12-04 2014-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
8625 CVE-2013-6931 89 Exec Code Sql 2014-01-29 2014-02-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
8626 CVE-2013-6930 89 Exec Code Sql 2014-01-29 2014-02-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
8627 CVE-2013-6929 89 Exec Code Sql 2013-12-27 2013-12-30
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
8628 CVE-2013-6922 352 1 CSRF 2014-01-21 2014-01-22
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.
8629 CVE-2013-6887 20 DoS 2014-04-27 2014-04-28
6.4
None Remote Low Not required Partial Partial None
OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.
8630 CVE-2013-6883 352 1 CSRF 2013-12-17 2014-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.
8631 CVE-2013-6872 89 1 Exec Code Sql 2014-01-21 2015-07-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
8632 CVE-2013-6864 22 Dir. Trav. 2013-11-23 2013-11-27
6.1
None Remote High Single system Complete Partial Partial
Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors.
8633 CVE-2013-6860 +Info 2013-11-23 2013-11-27
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors.
8634 CVE-2013-6852 352 1 CSRF 2013-11-21 2013-11-22
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
8635 CVE-2013-6840 264 +Priv 2013-12-10 2013-12-12
6.9
None Local Medium Not required Complete Complete Complete
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.
8636 CVE-2013-6828 287 Bypass 2013-11-20 2013-11-21
6.4
None Remote Low Not required Partial Partial None
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
8637 CVE-2013-6826 352 CSRF 2013-11-20 2013-11-20
6.8
None Remote Medium Not required Partial Partial Partial
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
8638 CVE-2013-6823 264 Bypass 2013-11-20 2018-12-10
6.4
None Remote Low Not required Partial Partial None
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
8639 CVE-2013-6818 264 Bypass 2013-11-20 2018-12-10
6.4
None Remote Low Not required Partial Partial None
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
8640 CVE-2013-6817 119 DoS Exec Code Overflow 2013-11-20 2018-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.
8641 CVE-2013-6807 310 Bypass +Info 2014-05-19 2014-05-19
6.8
None Remote Medium Not required Partial Partial Partial
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
8642 CVE-2013-6806 287 +Info 2014-05-19 2014-05-19
6.8
None Remote Medium Not required Partial Partial Partial
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.
8643 CVE-2013-6797 352 CSRF 2013-11-18 2013-11-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
8644 CVE-2013-6787 89 1 Exec Code Sql 2013-12-05 2013-12-27
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
8645 CVE-2013-6763 119 DoS Overflow +Priv Mem. Corr. 2013-11-12 2014-01-07
6.9
None Local Medium Not required Complete Complete Complete
The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.
8646 CVE-2013-6719 78 1 Exec Code 2014-03-06 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
8647 CVE-2013-6718 310 2013-11-30 2017-08-28
6.4
None Remote Low Not required Partial Partial None
The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.
8648 CVE-2013-6710 352 CSRF 2013-12-14 2016-09-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
8649 CVE-2013-6705 20 DoS 2013-12-03 2016-09-15
6.1
None Local Network Low Not required None None Complete
The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.
8650 CVE-2013-6692 399 DoS 2013-11-21 2013-11-22
6.3
None Remote Medium Single system None None Complete
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.