Security Vulnerabilities (CVSS score between 6 and 6.99)

Columns: #  CVE ID  CWE ID  # of Exploits  Vulnerability Type(s)  Publish Date  Update Date  Score  Gained Access Level  Access  Access Complexity  Authentication  Conf.  Integ.  Avail. (an empty field is shown as "-"; the description follows each row)

9551  CVE-2013-2048  264  -  Exec Code CSRF  2014-03-14  2014-03-17  6.5  None  Remote  Low  Single system  Partial  Partial  Partial
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.

9552  CVE-2013-2046  89  -  Exec Code Sql  2014-03-09  2014-03-10  6.5  None  Remote  Low  Single system  Partial  Partial  Partial
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

9553  CVE-2013-2045  89  -  Exec Code Sql  2014-03-09  2014-03-10  6.5  None  Remote  Low  Single system  Partial  Partial  Partial
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

9554  CVE-2013-2034  352  -  Exec Code CSRF  2014-05-14  2016-07-15  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

9555  CVE-2013-2029  59  -  -  2013-11-23  2013-11-25  6.3  None  Local  Medium  Not required  None  Complete  Complete
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.

9556  CVE-2013-2007  264  -  -  2013-05-21  2017-08-28  6.9  None  Local  Medium  Not required  Complete  Complete  Complete
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

9557  CVE-2013-2005  119  -  Overflow Mem. Corr.  2013-06-15  2017-04-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.

9558  CVE-2013-2004  119  -  DoS Overflow  2013-06-15  2013-06-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.

9559  CVE-2013-2003  189  -  Overflow  2013-06-15  2017-04-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.

9560  CVE-2013-2002  189  -  DoS Exec Code Overflow  2013-06-15  2017-04-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.

9561  CVE-2013-2001  119  -  DoS Exec Code Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.

9562  CVE-2013-2000  119  -  DoS Exec Code Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.

9563  CVE-2013-1999  119  -  DoS Exec Code Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.

9564  CVE-2013-1998  119  -  DoS Exec Code Overflow  2013-06-15  2017-04-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.

9565  CVE-2013-1997  119  -  DoS Exec Code Overflow  2013-06-15  2013-11-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.

9566  CVE-2013-1996  119  -  Overflow  2013-06-15  2015-05-11  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.

9567  CVE-2013-1995  119  -  Overflow  2013-06-15  2017-04-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.

9568  CVE-2013-1994  189  -  Overflow  2013-06-15  2013-06-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.

9569  CVE-2013-1993  189  -  Overflow  2013-06-15  2014-01-17  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.

9570  CVE-2013-1992  189  -  Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.

9571  CVE-2013-1991  189  -  Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.

9572  CVE-2013-1990  189  -  Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.

9573  CVE-2013-1989  189  -  Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage functions.

9574  CVE-2013-1988  189  -  Overflow  2013-06-15  2013-11-24  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.

9575  CVE-2013-1987  189  -  Overflow  2013-06-15  2018-10-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.

9576  CVE-2013-1986  189  -  Overflow  2013-06-15  2013-11-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.

9577  CVE-2013-1985  20  -  Overflow  2013-06-15  2013-11-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.

9578  CVE-2013-1984  189  -  Overflow  2013-06-15  2013-11-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.

9579  CVE-2013-1983  189  -  Overflow  2013-06-15  2013-11-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.

9580  CVE-2013-1982  189  -  Overflow  2013-06-15  2013-06-20  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.

9581  CVE-2013-1981  189  -  Overflow  2013-06-15  2016-11-28  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.

9582  CVE-2013-1980  119  -  Exec Code Overflow  2014-02-11  2014-02-12  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file.

9583  CVE-2013-1979  264  -  +Priv  2013-05-03  2017-11-28  6.9  None  Local  Medium  Not required  Complete  Complete  Complete
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.

9584  CVE-2013-1978  119  -  DoS Exec Code Overflow  2013-12-12  2019-04-22  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

9585  CVE-2013-1976  59  -  -  2013-07-09  2019-04-22  6.9  None  Local  Medium  Not required  Complete  Complete  Complete
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

9586  CVE-2013-1964  264  -  DoS +Info  2013-05-21  2017-06-29  6.9  None  Local  Medium  Not required  Complete  Complete  Complete
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.

9587  CVE-2013-1954  119  -  DoS Exec Code Overflow  2013-07-10  2017-09-18  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.

9588  CVE-2013-1953  189  -  Overflow  2013-12-09  2013-12-13  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.

9589  CVE-2013-1943  20  -  +Priv +Info  2013-07-16  2019-04-22  6.9  None  Local  Medium  Not required  Complete  Complete  Complete
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

9590  CVE-2013-1927  -  -  Exec Code  2013-04-29  2018-10-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

9591  CVE-2013-1913  189  -  DoS Exec Code Overflow  2013-12-12  2019-04-22  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

9592  CVE-2013-1911  20  -  Exec Code  2013-04-02  2017-08-28  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.

9593  CVE-2013-1899  94  -  DoS Exec Code Sql  2013-04-04  2013-11-30  6.5  None  Remote  Low  Single system  Partial  Partial  Partial
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

9594  CVE-2013-1893  89  -  Exec Code Sql  2014-03-09  2017-08-28  6.5  None  Remote  Low  Single system  Partial  Partial  Partial
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.

9595  CVE-2013-1892  20  2  DoS Exec Code  2013-10-01  2013-11-30  6.0  None  Remote  Medium  Single system  Partial  Partial  Partial
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

9596  CVE-2013-1888  59  -  -  2013-08-17  2013-11-30  6.9  None  Local  Medium  Not required  Complete  Complete  Complete
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.

9597  CVE-2013-1872  119  -  DoS Exec Code Overflow  2013-08-19  2019-04-22  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.

9598  CVE-2013-1865  287  -  Bypass  2013-03-22  2013-11-30  6.8  None  Remote  Medium  Not required  Partial  Partial  Partial
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

9599  CVE-2013-1863  264  -  -  2013-03-19  2013-03-21  6.0  None  Remote  Medium  Single system  Partial  Partial  Partial
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.

9600  CVE-2013-1860  119  -  DoS Exec Code Overflow  2013-03-22  2016-12-07  6.9  None  Local  Medium  Not required  Complete  Complete  Complete
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.