CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4301 CVE-2013-5908 2014-01-15 2019-12-17
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
4302 CVE-2013-5875 2014-01-15 2017-08-29
2.7
None Local Medium ??? None Partial Partial
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).
4303 CVE-2013-5872 2014-01-15 2017-08-29
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).
4304 CVE-2013-5854 2013-10-16 2017-09-19
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.
4305 CVE-2013-5837 2013-10-16 2013-11-03
2.1
None Remote High ??? Partial None None
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos.
4306 CVE-2013-5808 2014-01-15 2014-02-07
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in the Oracle iPlanet Web Proxy Server component in Oracle Fusion Middleware 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Administration.
4307 CVE-2013-5803 2013-10-16 2018-01-05
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
4308 CVE-2013-5772 2013-10-16 2018-01-05
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
4309 CVE-2013-5770 2013-10-16 2017-01-07
2.1
None Remote High ??? None None Partial
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
4310 CVE-2013-5762 2013-10-16 2013-10-16
2.4
None Local High ??? Partial None Partial
Unspecified vulnerability in the Oracle Siebel CTMS component in Oracle Industry Applications 8.1.1.x allows local users to affect confidentiality and availability via unknown vectors related to SC-OC Integration.
4311 CVE-2013-5724 264 2013-09-12 2013-09-23
2.1
None Local Low Not required None Partial None
Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.
4312 CVE-2013-5679 310 Bypass 2013-09-30 2016-05-06
2.6
None Local High Not required Partial Partial None
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
4313 CVE-2013-5661 290 2019-11-05 2019-11-08
2.6
None Remote High Not required None Partial None
Cache Poisoning issue exists in DNS Response Rate Limiting.
4314 CVE-2013-5587 79 XSS 2013-08-23 2013-08-26
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
4315 CVE-2013-5571 119 Overflow Mem. Corr. 2020-01-07 2020-01-08
2.6
None Remote High Not required None None Partial
HMailServer 5.3.x and prior: Memory Corruption which could cause DOS
4316 CVE-2013-5440 200 +Info 2013-12-18 2017-08-29
2.1
None Local Low Not required Partial None None
IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.
4317 CVE-2013-5429 287 2014-01-21 2017-08-29
2.1
None Remote High ??? None Partial None
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
4318 CVE-2013-5380 200 +Info 2013-10-01 2017-08-29
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.
4319 CVE-2013-5371 264 Bypass 2014-01-23 2017-08-29
2.1
None Local Low Not required Partial None None
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
4320 CVE-2013-5315 79 XSS 2013-08-19 2017-08-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174.
4321 CVE-2013-5309 79 XSS 2013-08-16 2019-11-25
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
4322 CVE-2013-5218 79 XSS 2013-12-30 2013-12-30
2.9
None Local Network Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp.
4323 CVE-2013-5191 264 +Info 2013-10-24 2013-10-24
2.1
None Local Low Not required Partial None None
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.
4324 CVE-2013-5186 264 +Info 2013-10-24 2013-10-24
2.1
None Local Low Not required Partial None None
Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
4325 CVE-2013-5183 200 +Info 2013-10-24 2013-10-24
2.6
None Remote High Not required Partial None None
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
4326 CVE-2013-5173 310 DoS 2013-10-24 2013-10-25
2.1
None Local Low Not required None None Partial
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.
4327 CVE-2013-5162 264 Bypass 2013-10-24 2013-10-24
2.1
None Local Low Not required Partial None None
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
4328 CVE-2013-5158 264 +Info 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
4329 CVE-2013-5153 264 2013-09-19 2013-10-22
2.1
None Local Low Not required Partial None None
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
4330 CVE-2013-5137 264 2013-09-19 2013-10-22
2.6
None Remote High Not required None None Partial
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
4331 CVE-2013-5112 287 2020-01-31 2020-02-10
2.1
None Local Low Not required Partial None None
Evernote before 5.5.1 has insecure PIN storage
4332 CVE-2013-5099 79 1 XSS 2013-08-09 2017-08-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
4333 CVE-2013-4969 59 2014-01-07 2019-07-10
2.1
None Local Low Not required None Partial None
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
4334 CVE-2013-4959 200 +Info 2013-08-20 2019-07-10
2.1
None Local Low Not required Partial None None
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.
4335 CVE-2013-4954 79 XSS 2013-07-29 2017-08-29
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
4336 CVE-2013-4944 79 XSS 2013-07-29 2017-08-29
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information.
4337 CVE-2013-4877 287 2013-07-18 2013-08-22
2.6
None Local High Not required Partial Partial None
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
4338 CVE-2013-4856 200 +Info 2019-10-25 2019-10-29
2.9
None Local Network Medium Not required Partial None None
D-Link DIR-865L has Information Disclosure.
4339 CVE-2013-4820 +Info 2013-09-23 2018-05-10
2.1
None Remote High ??? Partial None None
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.
4340 CVE-2013-4764 276 2019-12-27 2020-01-10
2.1
None Local Low Not required None Partial None
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
4341 CVE-2013-4763 276 2019-12-27 2020-01-10
2.1
None Local Low Not required None Partial None
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.
4342 CVE-2013-4678 200 +Info 2013-08-05 2013-08-09
2.7
None Local Network Low ??? Partial None None
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.
4343 CVE-2013-4614 255 +Info 2013-06-21 2013-06-24
2.1
None Local Low Not required Partial None None
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.
4344 CVE-2013-4577 264 2014-05-12 2014-05-12
2.1
None Local Low Not required Partial None None
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
4345 CVE-2013-4576 255 2013-12-20 2017-08-29
2.1
None Local Low Not required Partial None None
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
4346 CVE-2013-4518 200 +Info 2019-11-04 2019-11-06
2.1
None Local Low Not required Partial None None
RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates
4347 CVE-2013-4505 264 DoS Bypass 2013-12-07 2013-12-20
2.6
None Remote High Not required None None Partial
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
4348 CVE-2013-4504 264 2014-05-13 2014-05-14
2.6
None Remote High Not required Partial None None
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
4349 CVE-2013-4503 79 XSS 2014-05-13 2014-05-14
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options.
4350 CVE-2013-4498 264 +Info 2014-05-17 2014-05-19
2.1
None Remote High ??? Partial None None
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 (This Page)88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.