CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15851 CVE-2013-0994 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
15852 CVE-2013-0993 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
15853 CVE-2013-0992 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
15854 CVE-2013-0991 399 DoS Exec Code Mem. Corr. 2013-05-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
15855 CVE-2013-0983 119 DoS Exec Code Overflow 2013-06-05 2013-06-05
6.8
None Remote Medium Not required Partial Partial Partial
Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.
15856 CVE-2013-0976 119 DoS Exec Code Overflow Mem. Corr. 2013-03-15 2013-06-05
6.8
None Remote Medium Not required Partial Partial Partial
IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.
15857 CVE-2013-0975 119 DoS Exec Code Overflow 2013-06-05 2013-06-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
15858 CVE-2013-0973 Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
15859 CVE-2013-0971 399 DoS Exec Code 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
15860 CVE-2013-0968 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15861 CVE-2013-0966 Bypass 2013-03-15 2013-03-18
6.4
None Remote Low Not required Partial Partial None
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
15862 CVE-2013-0961 DoS Exec Code Mem. Corr. 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.
15863 CVE-2013-0960 DoS Exec Code Mem. Corr. 2013-03-15 2013-03-18
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.
15864 CVE-2013-0959 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15865 CVE-2013-0958 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15866 CVE-2013-0956 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15867 CVE-2013-0955 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15868 CVE-2013-0954 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15869 CVE-2013-0953 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15870 CVE-2013-0952 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15871 CVE-2013-0951 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15872 CVE-2013-0950 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15873 CVE-2013-0949 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15874 CVE-2013-0948 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-16
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
15875 CVE-2013-0926 20 2013-03-28 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
15876 CVE-2013-0921 264 Bypass 2013-03-28 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.
15877 CVE-2013-0918 264 2013-03-28 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
15878 CVE-2013-0900 362 DoS 2013-02-23 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
15879 CVE-2013-0893 362 DoS 2013-02-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
15880 CVE-2013-0889 264 Exec Code 2013-02-23 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.
15881 CVE-2013-0871 362 +Priv 2013-02-18 2013-06-21
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
15882 CVE-2013-0836 399 DoS 2013-01-15 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.
15883 CVE-2013-0829 264 Bypass 2013-01-15 2017-09-19
6.4
None Remote Low Not required Partial Partial None
Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.
15884 CVE-2013-0828 399 DoS 2013-01-15 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
15885 CVE-2013-0800 Exec Code 2013-04-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
15886 CVE-2013-0797 +Priv 2013-04-03 2017-09-19
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory.
15887 CVE-2013-0747 20 2013-01-13 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
15888 CVE-2013-0736 352 XSS CSRF 2013-10-09 2013-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
15889 CVE-2013-0727 +Priv 2013-04-26 2013-04-26
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .gmc, .gmg, .gmp, .gms, .gmw, or .opt file.
15890 CVE-2013-0725 427 Exec Code 2020-01-30 2020-02-06
6.9
None Local Medium Not required Complete Complete Complete
ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities
15891 CVE-2013-0717 352 CSRF 2013-03-19 2013-03-21
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
15892 CVE-2013-0713 20 DoS 2013-03-20 2013-05-21
6.8
None Remote Low ??? None None Complete
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.
15893 CVE-2013-0712 20 DoS 2013-03-20 2013-03-21
6.8
None Remote Low ??? None None Complete
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.
15894 CVE-2013-0701 89 Exec Code Sql 2013-02-14 2013-02-14
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.
15895 CVE-2013-0687 264 +Priv 2013-04-18 2013-04-18
6.6
None Local Medium ??? Complete Complete Complete
The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file.
15896 CVE-2013-0675 119 DoS Overflow 2013-03-21 2013-03-22
6.1
None Local Network Low Not required None None Complete
Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.
15897 CVE-2013-0674 119 Exec Code Overflow 2013-03-21 2013-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.
15898 CVE-2013-0665 264 +Priv 2013-03-21 2013-03-21
6.2
None Local High Not required Complete Complete Complete
Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations.
15899 CVE-2013-0663 352 Exec Code CSRF 2013-04-04 2018-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
15900 CVE-2013-0656 119 Exec Code Overflow 2013-01-21 2013-01-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.