CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15651 CVE-2013-2561 59 2013-11-23 2019-04-22
6.3
None Local Medium Not required None Complete Complete
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
15652 CVE-2013-2559 89 Exec Code Sql CSRF 2014-03-27 2020-08-25
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
15653 CVE-2013-2492 119 Exec Code Overflow 2013-03-15 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
15654 CVE-2013-2486 189 DoS 2013-03-07 2018-10-30
6.1
None Local Network Low Not required None None Complete
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.
15655 CVE-2013-2485 DoS 2013-03-07 2018-10-30
6.1
None Local Network Low Not required None None Complete
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
15656 CVE-2013-2482 DoS 2013-03-07 2018-10-30
6.1
None Local Network Low Not required None None Complete
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
15657 CVE-2013-2476 399 DoS 2013-03-07 2018-10-30
6.1
None Local Network Low Not required None None Complete
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
15658 CVE-2013-2467 2013-06-18 2017-09-19
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
15659 CVE-2013-2439 2013-04-17 2017-09-19
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.
15660 CVE-2013-2407 2013-06-18 2018-01-05
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
15661 CVE-2013-2398 2013-04-17 2013-10-11
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Open UI Client.
15662 CVE-2013-2395 2013-04-17 2014-02-21
6.8
None Remote Low ??? None None Complete
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
15663 CVE-2013-2378 2013-04-17 2019-12-17
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
15664 CVE-2013-2375 2013-04-17 2018-12-06
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
15665 CVE-2013-2373 264 +Info 2013-03-15 2013-03-18
6.4
None Remote Low Not required Partial Partial None
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
15666 CVE-2013-2323 264 Bypass 2013-06-28 2019-10-09
6.0
None Remote Medium ??? Partial Partial Partial
HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue.
15667 CVE-2013-2305 352 CSRF 2013-04-25 2013-04-25
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
15668 CVE-2013-2297 255 +Priv 2013-09-17 2013-09-18
6.9
None Local Medium Not required Complete Complete Complete
Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via unspecified vectors, a related issue to CVE-2013-2069.
15669 CVE-2013-2274 Exec Code 2013-03-20 2019-07-10
6.5
None Remote Low ??? Partial Partial Partial
Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.
15670 CVE-2013-2256 264 +Info 2013-09-16 2018-11-16
6.0
None Remote Medium ??? Partial Partial Partial
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
15671 CVE-2013-2238 119 DoS Exec Code Overflow 2013-09-30 2013-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables.
15672 CVE-2013-2225 1 2014-05-27 2014-05-28
6.4
None Remote Low Not required None Partial Partial
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
15673 CVE-2013-2224 DoS +Priv 2013-07-04 2019-04-22
6.9
None Local Medium Not required Complete Complete Complete
A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.
15674 CVE-2013-2222 119 DoS Exec Code Overflow 2013-10-04 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.
15675 CVE-2013-2208 94 Exec Code 2013-10-28 2013-10-30
6.8
None Remote Medium Not required Partial Partial Partial
tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file.
15676 CVE-2013-2196 2013-08-23 2014-12-12
6.9
None Local Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195.
15677 CVE-2013-2195 189 2013-08-23 2014-12-12
6.9
None Local Medium Not required Complete Complete Complete
The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations.
15678 CVE-2013-2194 189 Overflow 2013-08-23 2014-12-12
6.9
None Local Medium Not required Complete Complete Complete
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.
15679 CVE-2013-2189 119 DoS Overflow Mem. Corr. 2013-07-31 2013-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
15680 CVE-2013-2174 119 DoS Exec Code Overflow 2013-07-31 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
15681 CVE-2013-2171 264 +Priv Bypass 2013-07-02 2019-03-18
6.9
None Local Medium Not required Complete Complete Complete
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
15682 CVE-2013-2158 352 CSRF 2013-07-01 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
15683 CVE-2013-2143 20 1 +Priv 2014-04-17 2014-04-17
6.5
None Remote Low ??? Partial Partial Partial
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
15684 CVE-2013-2121 94 1 Exec Code 2013-07-31 2018-08-13
6.0
None Remote Medium ??? Partial Partial Partial
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
15685 CVE-2013-2114 Exec Code 2013-11-18 2013-11-21
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
15686 CVE-2013-2113 264 +Priv 2013-07-31 2018-08-13
6.0
None Remote Medium ??? Partial Partial Partial
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
15687 CVE-2013-2109 352 Exec Code 2020-02-10 2020-02-24
6.8
None Remote Medium Not required Partial Partial Partial
WordPress plugin wp-cleanfix has Remote Code Execution
15688 CVE-2013-2107 352 CSRF 2014-05-23 2014-05-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.
15689 CVE-2013-2067 287 2013-06-01 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
15690 CVE-2013-2066 119 DoS Exec Code Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.
15691 CVE-2013-2065 264 Bypass 2013-11-02 2018-10-30
6.4
None Remote Low Not required Partial Partial None
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
15692 CVE-2013-2064 189 Overflow 2013-06-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
15693 CVE-2013-2063 189 Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.
15694 CVE-2013-2062 189 Overflow 2013-06-15 2013-09-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions.
15695 CVE-2013-2059 287 2013-05-21 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
15696 CVE-2013-2053 119 DoS Exec Code Overflow 2013-07-09 2019-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.
15697 CVE-2013-2048 264 Exec Code CSRF 2014-03-14 2014-03-17
6.5
None Remote Low ??? Partial Partial Partial
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
15698 CVE-2013-2046 89 Exec Code Sql 2014-03-09 2014-03-10
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
15699 CVE-2013-2045 89 Exec Code Sql 2014-03-09 2014-03-10
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
15700 CVE-2013-2034 352 Exec Code CSRF 2014-05-14 2016-07-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.