| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
22451 |
CVE-2013-5841 |
|
|
|
2013-10-16 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5794. |
|
22452 |
CVE-2013-5840 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
|
22453 |
CVE-2013-5836 |
|
|
|
2013-10-16 |
2013-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Business Interlink. |
|
22454 |
CVE-2013-5831 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819. |
|
22455 |
CVE-2013-5826 |
|
|
|
2013-10-16 |
2016-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3 and 6.3.1 allows remote attackers to affect availability via unknown vectors related to Install / Installation. |
|
22456 |
CVE-2013-5825 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. |
|
22457 |
CVE-2013-5823 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. |
|
22458 |
CVE-2013-5820 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. |
|
22459 |
CVE-2013-5819 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831. |
|
22460 |
CVE-2013-5818 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831. |
|
22461 |
CVE-2013-5816 |
|
|
|
2013-10-16 |
2013-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro. |
|
22462 |
CVE-2013-5801 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
|
22463 |
CVE-2013-5795 |
|
|
|
2014-01-15 |
2014-01-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others. |
|
22464 |
CVE-2013-5794 |
|
|
|
2013-10-16 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5841. |
|
22465 |
CVE-2013-5792 |
|
|
|
2013-10-16 |
2013-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache. |
|
22466 |
CVE-2013-5778 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
|
22467 |
CVE-2013-5776 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. |
|
22468 |
CVE-2013-5774 |
|
|
|
2013-10-16 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. |
|
22469 |
CVE-2013-5765 |
|
|
|
2013-10-16 |
2013-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to XML Publisher. |
|
22470 |
CVE-2013-5761 |
|
|
|
2013-10-16 |
2013-10-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Integration - Scripting. |
|
22471 |
CVE-2013-5760 |
200 |
|
+Info |
2014-06-09 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php. |
|
22472 |
CVE-2013-5751 |
22 |
|
Dir. Trav. |
2013-09-16 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. |
|
22473 |
CVE-2013-5750 |
399 |
|
DoS |
2013-09-25 |
2013-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation. |
|
22474 |
CVE-2013-5725 |
264 |
|
|
2013-10-01 |
2013-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL. |
|
22475 |
CVE-2013-5720 |
119 |
|
DoS Overflow |
2013-09-16 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
|
22476 |
CVE-2013-5705 |
|
|
Bypass |
2014-04-15 |
2021-02-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. |
|
22477 |
CVE-2013-5704 |
|
|
Bypass |
2014-04-15 |
2022-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." |
|
22478 |
CVE-2013-5700 |
189 |
|
DoS |
2013-09-10 |
2020-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages. |
|
22479 |
CVE-2013-5688 |
22 |
|
Dir. Trav. |
2013-11-05 |
2013-11-06 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action. |
|
22480 |
CVE-2013-5687 |
200 |
|
+Info |
2020-02-14 |
2020-02-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. |
|
22481 |
CVE-2013-5659 |
787 |
|
|
2020-01-27 |
2020-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Wiz 5.0.3 has a user mode write access violation |
|
22482 |
CVE-2013-5657 |
|
|
|
2020-01-07 |
2020-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
|
22483 |
CVE-2013-5651 |
119 |
|
DoS Overflow |
2013-09-30 |
2015-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. |
|
22484 |
CVE-2013-5650 |
20 |
|
DoS |
2013-09-16 |
2017-08-29 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet. |
|
22485 |
CVE-2013-5642 |
20 |
|
DoS |
2013-09-09 |
2013-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request. |
|
22486 |
CVE-2013-5641 |
119 |
|
DoS Overflow |
2013-09-09 |
2013-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information. |
|
22487 |
CVE-2013-5611 |
|
|
|
2013-12-11 |
2018-10-30 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. |
|
22488 |
CVE-2013-5606 |
264 |
|
Bypass |
2013-11-18 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. |
|
22489 |
CVE-2013-5567 |
400 |
|
DoS |
2014-07-14 |
2022-06-02 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. |
|
22490 |
CVE-2013-5566 |
119 |
|
DoS Overflow |
2013-11-08 |
2013-11-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. |
|
22491 |
CVE-2013-5564 |
119 |
|
DoS Overflow |
2013-11-04 |
2013-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, aka Bug ID CSCug57345. |
|
22492 |
CVE-2013-5562 |
119 |
|
DoS Overflow |
2013-11-06 |
2013-11-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka Bug ID CSCuh36313. |
|
22493 |
CVE-2013-5561 |
20 |
|
Bypass |
2013-11-04 |
2013-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622. |
|
22494 |
CVE-2013-5560 |
20 |
|
DoS |
2013-11-13 |
2013-11-14 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCue34342. |
|
22495 |
CVE-2013-5544 |
399 |
|
DoS |
2013-10-22 |
2013-10-22 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108. |
|
22496 |
CVE-2013-5538 |
264 |
|
|
2013-10-16 |
2013-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. |
|
22497 |
CVE-2013-5536 |
20 |
|
DoS |
2013-10-24 |
2013-10-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. |
|
22498 |
CVE-2013-5532 |
20 |
|
DoS Overflow |
2013-10-11 |
2016-09-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343. |
|
22499 |
CVE-2013-5531 |
287 |
|
Bypass |
2013-10-25 |
2013-10-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. |
|
22500 |
CVE-2013-5527 |
20 |
|
DoS |
2013-10-10 |
2017-08-29 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. |
