CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2013-5510 287 Bypass 2013-10-13 2016-11-01
4.3
None Remote Medium Not required Partial None None
The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401.
202 CVE-2013-5509 264 Bypass 2013-10-13 2016-11-01
10.0
None Remote Low Not required Complete Complete Complete
The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468.
203 CVE-2013-5508 20 DoS 2013-10-13 2016-11-01
7.1
None Remote Medium Not required None None Complete
The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate (TNS) packets, aka Bug ID CSCub98434.
204 CVE-2013-5507 310 DoS 2013-10-13 2016-11-01
7.1
None Remote Medium Not required None None Complete
The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during decryption, aka Bug ID CSCue18975.
205 CVE-2013-5506 264 2013-10-13 2013-10-15
6.6
None Local Medium ??? Complete Complete Complete
The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080.
206 CVE-2013-5503 399 DoS 2013-10-02 2013-10-03
7.8
None Remote Low Not required None None Complete
The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.
207 CVE-2013-5499 DoS 2013-10-10 2013-10-10
5.7
None Local Network Medium Not required None None Complete
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.
208 CVE-2013-5446 2013-10-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.
209 CVE-2013-5430 255 +Info 2013-10-28 2017-08-29
5.5
None Remote Low ??? Partial Partial None
The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details.
210 CVE-2013-5428 264 DoS 2013-10-22 2017-08-29
7.1
None Remote Medium Not required None None Complete
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.
211 CVE-2013-5424 264 Bypass 2013-10-25 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account.
212 CVE-2013-5419 119 Overflow +Priv 2013-10-04 2017-09-19
6.9
None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
213 CVE-2013-5395 Bypass 2013-10-01 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.
214 CVE-2013-5394 20 2013-10-16 2017-08-29
4.9
None Remote Medium ??? Partial Partial None
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
215 CVE-2013-5393 2013-10-16 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors.
216 CVE-2013-5390 79 XSS 2013-10-16 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
217 CVE-2013-5389 79 XSS 2013-10-22 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
218 CVE-2013-5388 79 XSS 2013-10-22 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.
219 CVE-2013-5383 264 +Priv 2013-10-01 2017-08-29
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.
220 CVE-2013-5382 +Priv 2013-10-01 2017-08-29
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.
221 CVE-2013-5381 +Priv 2013-10-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
222 CVE-2013-5380 200 +Info 2013-10-01 2017-08-29
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.
223 CVE-2013-5376 79 XSS 2013-10-17 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user.
224 CVE-2013-5372 399 DoS 2013-10-19 2017-08-29
4.3
None Remote Medium Not required None None Partial
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.
225 CVE-2013-5370 Exec Code 2013-10-01 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.
226 CVE-2013-5327 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2013-10-10
10.0
None Remote Low Not required Complete Complete Complete
MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
227 CVE-2013-5325 94 Exec Code 2013-10-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.
228 CVE-2013-5208 310 Bypass 2013-10-16 2013-10-16
4.1
None Local Medium ??? Partial Partial Partial
HR Systems Strategies info:HR HRIS 7.9 does not properly protect the database password, which allows local users to bypass intended database restrictions by accessing the USERPW registry key and bypassing an unspecified obfuscation technique.
229 CVE-2013-5192 20 DoS 2013-10-24 2013-10-24
4.9
None Local Low Not required None None Complete
The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.
230 CVE-2013-5191 264 +Info 2013-10-24 2013-10-24
2.1
None Local Low Not required Partial None None
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.
231 CVE-2013-5190 264 DoS 2013-10-24 2013-10-24
4.3
None Remote Medium Not required None None Partial
Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.
232 CVE-2013-5189 264 Bypass 2013-10-24 2013-10-24
5.8
None Remote Medium Not required Partial Partial None
Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update.
233 CVE-2013-5188 264 2013-10-24 2013-10-24
4.0
None Local High Not required Complete None None
The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.
234 CVE-2013-5187 264 +Info 2013-10-24 2013-10-24
1.9
None Local Medium Not required Partial None None
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
235 CVE-2013-5186 264 +Info 2013-10-24 2013-10-24
2.1
None Local Low Not required Partial None None
Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
236 CVE-2013-5185 310 +Info 2013-10-24 2013-10-24
4.3
None Remote Medium Not required Partial None None
The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.
237 CVE-2013-5184 399 DoS 2013-10-24 2013-10-24
5.7
None Local Network Medium Not required None None Complete
The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.
238 CVE-2013-5183 200 +Info 2013-10-24 2013-10-24
2.6
None Remote High Not required Partial None None
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
239 CVE-2013-5182 310 2013-10-24 2013-10-24
5.0
None Remote Low Not required None Partial None
Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.
240 CVE-2013-5181 310 +Info 2013-10-24 2013-10-24
4.3
None Remote Medium Not required Partial None None
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
241 CVE-2013-5180 310 2013-10-24 2013-10-24
4.3
None Remote Medium Not required Partial None None
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue.
242 CVE-2013-5179 264 Bypass 2013-10-24 2014-03-06
7.5
None Remote Low Not required Partial Partial Partial
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
243 CVE-2013-5178 264 2013-10-24 2014-03-06
5.0
None Remote Low Not required None Partial None
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.
244 CVE-2013-5177 189 DoS 2013-10-24 2013-10-24
4.9
None Local Low Not required None None Complete
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.
245 CVE-2013-5176 189 DoS 2013-10-24 2013-10-24
4.9
None Local Low Not required None None Complete
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.
246 CVE-2013-5175 20 DoS +Info 2013-10-24 2013-10-25
6.6
None Local Low Not required Complete None Complete
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.
247 CVE-2013-5174 189 DoS 2013-10-24 2013-10-24
4.9
None Local Low Not required None None Complete
Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.
248 CVE-2013-5173 310 DoS 2013-10-24 2013-10-25
2.1
None Local Low Not required None None Partial
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.
249 CVE-2013-5172 189 DoS 2013-10-24 2013-10-24
7.1
None Remote Medium Not required None None Complete
The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.
250 CVE-2013-5171 264 Bypass 2013-10-24 2013-10-24
3.3
None Local Medium Not required Partial Partial None
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
Total number of vulnerabilities : 583   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.