CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9601 CVE-2013-4591 119 DoS Overflow Mem. Corr. 2013-11-20 2016-12-30
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem.
9602 CVE-2013-4588 119 Overflow +Priv 2013-11-20 2016-12-30
6.6
None Local Medium Single system Complete Complete Complete
Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.
9603 CVE-2013-4581 94 Exec Code 2014-05-12 2014-05-12
6.8
None Remote Medium Not required Partial Partial Partial
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
9604 CVE-2013-4580 287 Bypass 2014-05-12 2016-05-18
6.8
None Remote Medium Not required Partial Partial Partial
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
9605 CVE-2013-4565 119 DoS Exec Code Overflow 2014-04-25 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
9606 CVE-2013-4562 352 CSRF 2014-05-13 2014-05-14
6.8
None Remote Medium Not required Partial Partial Partial
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.
9607 CVE-2013-4555 352 CSRF 2013-11-17 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors.
9608 CVE-2013-4548 264 Bypass 2013-11-08 2015-11-20
6.0
None Remote Medium Single system Partial Partial Partial
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
9609 CVE-2013-4546 Exec Code 2014-05-13 2014-05-14
6.5
None Remote Low Single system Partial Partial Partial
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
9610 CVE-2013-4524 22 Dir. Trav. 2013-11-26 2013-11-27
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.
9611 CVE-2013-4511 189 Overflow +Priv 2013-11-12 2014-03-05
6.9
None Local Medium Not required Complete Complete Complete
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
9612 CVE-2013-4497 264 Bypass 2013-11-05 2013-11-06
6.4
None Remote Low Not required Partial Partial None
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
9613 CVE-2013-4490 Exec Code 2014-05-13 2014-05-14
6.5
None Remote Low Single system Partial Partial Partial
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
9614 CVE-2013-4489 Exec Code 2014-05-17 2014-05-19
6.5
None Remote Low Single system Partial Partial Partial
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
9615 CVE-2013-4482 +Priv 2013-11-23 2019-04-22
6.2
None Local High Not required Complete Complete Complete
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
9616 CVE-2013-4479 94 Exec Code 2013-12-07 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
9617 CVE-2013-4478 94 Exec Code 2013-12-07 2013-12-09
6.8
None Remote Medium Not required Partial Partial Partial
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
9618 CVE-2013-4470 264 DoS +Priv Mem. Corr. 2013-11-04 2018-01-08
6.9
None Local Medium Not required Complete Complete Complete
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
9619 CVE-2013-4468 1 Exec Code 2014-05-14 2014-05-15
6.5
None Remote Low Single system Partial Partial Partial
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
9620 CVE-2013-4467 89 1 Exec Code Sql 2014-03-11 2014-05-20
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
9621 CVE-2013-4457 78 Exec Code 2013-11-02 2013-11-05
6.8
None Remote Medium Not required Partial Partial Partial
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.
9622 CVE-2013-4446 94 Exec Code 2013-12-07 2013-12-09
6.8
None Remote Medium Not required Partial Partial Partial
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.
9623 CVE-2013-4444 94 Exec Code 2014-09-11 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
9624 CVE-2013-4435 287 2013-11-05 2013-11-07
6.0
None Remote Medium Single system Partial Partial Partial
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.
9625 CVE-2013-4422 89 Exec Code Sql 2013-10-23 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
9626 CVE-2013-4419 264 Exec Code 2013-11-05 2018-12-13
6.8
None Local Network High Not required Complete Complete Complete
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
9627 CVE-2013-4407 2013-11-23 2014-04-01
6.8
None Remote Medium Not required Partial Partial Partial
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
9628 CVE-2013-4405 352 CSRF 2013-12-23 2014-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.
9629 CVE-2013-4404 264 Bypass +Info 2013-12-23 2014-01-13
6.5
None Remote Low Single system Partial Partial Partial
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors.
9630 CVE-2013-4397 189 DoS Exec Code Overflow 2013-10-17 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
9631 CVE-2013-4396 399 DoS Exec Code 2013-10-10 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
9632 CVE-2013-4388 119 DoS Exec Code Overflow 2013-10-11 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
9633 CVE-2013-4387 119 DoS Overflow Mem. Corr. 2013-10-10 2014-03-26
6.1
None Local Network Low Not required None None Complete
net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.
9634 CVE-2013-4379 264 Bypass 2013-10-09 2013-10-10
6.4
None Remote Low Not required Partial Partial None
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.
9635 CVE-2013-4344 119 Overflow +Priv 2013-10-04 2018-10-30
6.0
None Local High Single system Complete Complete Complete
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
9636 CVE-2013-4343 399 +Priv 2013-09-25 2019-05-31
6.9
None Local Medium Not required Complete Complete Complete
Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.
9637 CVE-2013-4330 94 2013-10-04 2019-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
9638 CVE-2013-4329 264 DoS +Priv 2013-09-12 2017-01-06
6.5
None Local Network High Single system Complete Complete Complete
The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.
9639 CVE-2013-4325 264 Bypass 2013-09-23 2014-01-13
6.9
None Local Medium Not required Complete Complete Complete
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
9640 CVE-2013-4321 94 Exec Code 2014-05-20 2014-05-21
6.5
None Remote Low Single system Partial Partial Partial
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.
9641 CVE-2013-4306 352 CSRF 2013-10-11 2019-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.
9642 CVE-2013-4299 264 +Info 2013-10-24 2019-04-22
6.0
None Remote Medium Single system Partial Partial Partial
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
9643 CVE-2013-4291 264 +Priv 2013-09-30 2013-10-01
6.9
None Local Medium Not required Complete Complete Complete
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
9644 CVE-2013-4254 20 DoS +Priv 2013-08-24 2013-10-02
6.9
None Local Medium Not required Complete Complete Complete
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
9645 CVE-2013-4250 20 Exec Code 2014-05-20 2014-05-31
6.5
None Remote Low Single system Partial Partial Partial
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
9646 CVE-2013-4246 284 DoS +Info 2017-10-30 2017-11-18
6.5
None Remote Low Single system Partial Partial Partial
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.
9647 CVE-2013-4244 119 DoS Exec Code Overflow 2013-09-28 2014-03-05
6.8
None Remote Medium Not required Partial Partial Partial
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
9648 CVE-2013-4243 119 DoS Exec Code Overflow 2013-09-10 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
9649 CVE-2013-4240 352 CSRF 2014-04-02 2014-04-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default settings via the hms-testimonials-settings page, (4) change advanced settings via the hms-testimonials-settings-advanced page, (5) change custom fields settings via the hms-testimonials-settings-fields page, or (6) change template settings via the hms-testimonials-templates-new page to wp-admin/admin.php.
9650 CVE-2013-4237 119 DoS Exec Code Overflow 2013-10-09 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.