CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9801 CVE-2013-6411 119 DoS Overflow 2013-12-14 2017-08-28
5.0
None Remote Low Not required None None Partial
The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.
9802 CVE-2013-6401 310 DoS 2014-03-20 2014-05-23
5.0
None Remote Low Not required None None Partial
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
9803 CVE-2013-6396 310 +Info 2014-02-18 2014-02-20
5.8
None Remote Medium Not required Partial Partial None
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
9804 CVE-2013-6391 264 +Priv 2013-12-14 2017-08-28
5.8
None Remote Medium Not required Partial Partial None
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
9805 CVE-2013-6389 20 2013-12-07 2014-01-03
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
9806 CVE-2013-6385 94 Exec Code CSRF 2013-12-07 2014-01-13
5.1
None Remote High Not required Partial Partial Partial
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.
9807 CVE-2013-6376 189 DoS 2013-12-14 2014-03-16
5.2
None Local Network Medium Single system None None Complete
The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.
9808 CVE-2013-6373 264 2013-11-25 2016-07-15
5.5
None Remote Low Single system Partial None Partial
The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.
9809 CVE-2013-6371 310 DoS 2014-04-22 2017-08-28
5.0
None Remote Low Not required None None Partial
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
9810 CVE-2013-6370 119 DoS Overflow 2014-04-22 2017-08-28
5.0
None Remote Low Not required None None Partial
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
9811 CVE-2013-6367 189 DoS 2013-12-14 2018-01-08
5.7
None Local Network Medium Not required None None Complete
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
9812 CVE-2013-6312 2013-11-22 2017-08-28
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via unknown vectors.
9813 CVE-2013-6285 200 +Info 2013-10-27 2013-11-21
5.0
None Remote Low Not required Partial None None
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020.
9814 CVE-2013-6246 264 Bypass +Info 2013-10-23 2013-10-24
5.0
None Remote Low Not required Partial None None
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters.
9815 CVE-2013-6244 2013-10-23 2013-10-30
5.0
None Remote Low Not required Partial None None
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
9816 CVE-2013-6197 Exec Code 2013-12-28 2017-08-28
5.2
None Local Network Low Single system Partial Partial Partial
Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.
9817 CVE-2013-6193 DoS 2013-12-17 2014-01-07
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors.
9818 CVE-2013-6174 20 2013-11-20 2015-07-22
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
9819 CVE-2013-6171 287 Bypass 2013-12-09 2018-03-15
5.8
None Remote Medium Not required Partial Partial None
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
9820 CVE-2013-6143 399 DoS 2014-01-31 2014-02-10
5.0
None Remote Low Not required None None Partial
The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic.
9821 CVE-2013-6141 2014-01-29 2014-02-21
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
9822 CVE-2013-6128 264 1 Dir. Trav. 2013-10-25 2013-10-28
5.8
None Remote Medium Not required None Partial Partial
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
9823 CVE-2013-6127 22 1 Dir. Trav. 2013-10-25 2013-10-28
5.8
None Remote Medium Not required None Partial Partial
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.
9824 CVE-2013-6114 190 1 DoS Overflow 2013-11-04 2016-09-30
5.0
None Remote Low Not required None None Partial
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
9825 CVE-2013-6078 310 2014-06-17 2014-06-19
5.8
None Remote Medium Not required Partial Partial None
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.
9826 CVE-2013-6077 264 Bypass 2013-11-05 2013-11-06
5.8
None Remote Medium Not required Partial Partial None
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
9827 CVE-2013-6076 DoS 2013-11-02 2013-11-21
5.0
None Remote Low Not required None None Partial
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.
9828 CVE-2013-6075 119 DoS Overflow Bypass 2013-11-02 2013-11-21
5.0
None Remote Low Not required None None Partial
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
9829 CVE-2013-6053 20 +Info 2014-04-27 2014-04-28
5.0
None Remote Low Not required Partial None None
OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
9830 CVE-2013-6052 200 +Info 2013-12-12 2014-01-27
5.0
None Remote Low Not required Partial None None
OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors.
9831 CVE-2013-6048 20 DoS 2013-12-13 2014-03-05
5.0
None Remote Low Not required None None Partial
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
9832 CVE-2013-6043 200 +Info 2014-12-27 2018-08-13
5.0
None Remote Low Not required Partial None None
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
9833 CVE-2013-6030 22 Dir. Trav. 2014-01-23 2016-12-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.
9834 CVE-2013-6020 200 +Info 2013-10-27 2013-11-21
5.8
None Remote Medium Not required Partial Partial None
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.
9835 CVE-2013-6006 287 Bypass 2013-12-27 2013-12-30
5.8
None Remote Medium Not required Partial Partial None
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
9836 CVE-2013-6002 399 DoS 2013-12-05 2014-01-03
5.0
None Remote Low Not required None None Partial
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
9837 CVE-2013-6000 22 Dir. Trav. 2013-12-05 2014-02-25
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request.
9838 CVE-2013-5999 310 +Info 2013-11-22 2014-03-05
5.8
None Remote Medium Not required Partial Partial None
Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
9839 CVE-2013-5995 200 +Info 2013-11-20 2013-11-21
5.5
None Remote Low Single system Partial Partial None
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
9840 CVE-2013-5994 200 +Info 2013-11-20 2013-11-21
5.0
None Remote Low Not required Partial None None
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
9841 CVE-2013-5979 22 Dir. Trav. 2013-10-02 2018-08-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
9842 CVE-2013-5965 264 +Info 2013-09-30 2013-10-11
5.0
None Remote Low Not required Partial None None
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.
9843 CVE-2013-5962 1 Exec Code 2013-09-30 2017-08-28
5.1
None Remote High Not required Partial Partial Partial
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
9844 CVE-2013-5960 310 Bypass 2013-09-30 2017-11-22
5.8
None Remote Medium Not required Partial Partial None
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
9845 CVE-2013-5958 399 DoS 2014-12-27 2014-12-29
5.0
None Remote Low Not required None None Partial
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.
9846 CVE-2013-5919 20 DoS 2014-05-30 2018-10-30
5.0
None Remote Low Not required None None Partial
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
9847 CVE-2013-5910 2014-01-15 2018-01-04
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays.
9848 CVE-2013-5906 2014-01-15 2018-01-04
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905.
9849 CVE-2013-5905 2014-01-15 2018-01-04
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5906.
9850 CVE-2013-5902 2014-01-15 2018-01-04
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 (This Page)198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.