CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15701 CVE-2013-2034 352 Exec Code CSRF 2014-05-14 2016-07-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.
15702 CVE-2013-2029 59 2013-11-23 2013-11-25
6.3
None Local Medium Not required None Complete Complete
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
15703 CVE-2013-2016 269 2019-12-30 2020-01-17
6.9
None Local Medium Not required Complete Complete Complete
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
15704 CVE-2013-2011 116 Exec Code 2019-12-26 2020-01-02
6.8
None Remote Medium Not required Partial Partial Partial
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
15705 CVE-2013-2009 Exec Code 2020-02-07 2020-02-10
6.8
None Remote Medium Not required Partial Partial Partial
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
15706 CVE-2013-2007 264 2013-05-21 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
15707 CVE-2013-2005 119 Overflow Mem. Corr. 2013-06-15 2017-04-21
6.8
None Remote Medium Not required Partial Partial Partial
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.
15708 CVE-2013-2004 119 DoS Overflow 2013-06-15 2013-06-21
6.8
None Remote Medium Not required Partial Partial Partial
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.
15709 CVE-2013-2003 189 Overflow 2013-06-15 2017-04-21
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.
15710 CVE-2013-2002 189 DoS Exec Code Overflow 2013-06-15 2017-04-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.
15711 CVE-2013-2001 119 DoS Exec Code Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
15712 CVE-2013-2000 119 DoS Exec Code Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.
15713 CVE-2013-1999 119 DoS Exec Code Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.
15714 CVE-2013-1998 119 DoS Exec Code Overflow 2013-06-15 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.
15715 CVE-2013-1997 119 DoS Exec Code Overflow 2013-06-15 2013-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.
15716 CVE-2013-1996 119 Overflow 2013-06-15 2015-10-16
6.8
None Remote Medium Not required Partial Partial Partial
X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.
15717 CVE-2013-1995 119 Overflow 2013-06-15 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
15718 CVE-2013-1994 189 Overflow 2013-06-15 2013-06-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.
15719 CVE-2013-1993 189 Overflow 2013-06-15 2014-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
15720 CVE-2013-1992 189 Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.
15721 CVE-2013-1991 189 Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.
15722 CVE-2013-1990 189 Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.
15723 CVE-2013-1989 189 Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function.
15724 CVE-2013-1988 189 Overflow 2013-06-15 2013-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.
15725 CVE-2013-1987 189 Overflow 2013-06-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.
15726 CVE-2013-1986 189 Overflow 2013-06-15 2013-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.
15727 CVE-2013-1985 20 Overflow 2013-06-15 2013-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
15728 CVE-2013-1984 189 Overflow 2013-06-15 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.
15729 CVE-2013-1983 189 Overflow 2013-06-15 2013-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
15730 CVE-2013-1982 189 Overflow 2013-06-15 2013-06-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.
15731 CVE-2013-1981 189 Overflow 2013-06-15 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.
15732 CVE-2013-1980 119 Exec Code Overflow 2014-02-11 2014-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file.
15733 CVE-2013-1979 264 +Priv 2013-05-03 2017-11-29
6.9
None Local Medium Not required Complete Complete Complete
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
15734 CVE-2013-1978 119 DoS Exec Code Overflow 2013-12-12 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
15735 CVE-2013-1976 59 2013-07-09 2019-04-22
6.9
None Local Medium Not required Complete Complete Complete
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
15736 CVE-2013-1964 264 DoS +Info 2013-05-21 2017-06-30
6.9
None Local Medium Not required Complete Complete Complete
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.
15737 CVE-2013-1954 119 DoS Exec Code Overflow 2013-07-10 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
15738 CVE-2013-1953 189 Overflow 2013-12-09 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.
15739 CVE-2013-1927 Exec Code 2013-04-29 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
15740 CVE-2013-1913 189 DoS Exec Code Overflow 2013-12-12 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
15741 CVE-2013-1911 20 Exec Code 2013-04-03 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
15742 CVE-2013-1899 94 DoS Exec Code Sql 2013-04-04 2013-12-01
6.5
None Remote Low ??? Partial Partial Partial
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
15743 CVE-2013-1893 89 Exec Code Sql 2014-03-09 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
15744 CVE-2013-1892 20 2 DoS Exec Code 2013-10-01 2013-12-01
6.0
None Remote Medium ??? Partial Partial Partial
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
15745 CVE-2013-1872 119 DoS Exec Code Overflow 2013-08-19 2019-04-22
6.8
None Remote Medium Not required Partial Partial Partial
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.
15746 CVE-2013-1867 59 2020-01-30 2020-02-03
6.3
None Local Medium Not required None Complete Complete
Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability
15747 CVE-2013-1866 59 2020-01-30 2020-02-03
6.3
None Local Medium Not required None Complete Complete
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability
15748 CVE-2013-1865 287 Bypass 2013-03-22 2013-12-01
6.8
None Remote Medium Not required Partial Partial Partial
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
15749 CVE-2013-1863 264 2013-03-19 2013-03-21
6.0
None Remote Medium ??? Partial Partial Partial
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations.
15750 CVE-2013-1860 119 DoS Exec Code Overflow 2013-03-22 2016-12-08
6.9
None Local Medium Not required Complete Complete Complete
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.