| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 44101 | CVE-2013-7018 | 119 | | DoS Overflow | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. |
| 44102 | CVE-2013-7017 | | | DoS | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. |
| 44103 | CVE-2013-7016 | 119 | | DoS Overflow | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. |
| 44104 | CVE-2013-7015 | 20 | | DoS | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data. |
| 44105 | CVE-2013-7014 | 189 | | DoS | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data. |
| 44106 | CVE-2013-7013 | 189 | | DoS | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. |
| 44107 | CVE-2013-7012 | 119 | | DoS Overflow | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. |
| 44108 | CVE-2013-7011 | 119 | | DoS Overflow | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. |
| 44109 | CVE-2013-7010 | 189 | | DoS | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. |
| 44110 | CVE-2013-7009 | 119 | | DoS Overflow | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data. |
| 44111 | CVE-2013-7008 | | | DoS | 2013-12-09 | 2016-12-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data. |
| 44112 | CVE-2013-7005 | 200 | 1 | +Info | 2013-12-18 | 2013-12-19 | 4.9 | None | Local | Low | Not required | Complete | None | None | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii. |
| 44113 | CVE-2013-7003 | 79 | | XSS | 2014-05-05 | 2014-06-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php. |
| 44114 | CVE-2013-7002 | 79 | | XSS | 2013-12-20 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. |
| 44115 | CVE-2013-7001 | 20 | | DoS | 2013-12-07 | 2013-12-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 or (2) MM7 connection. |
| 44116 | CVE-2013-7000 | 20 | | DoS | 2013-12-07 | 2013-12-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. |
| 44117 | CVE-2013-6999 | | | DoS | 2013-12-06 | 2013-12-19 | 4.0 | None | Local | High | Not required | None | None | Complete | ** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object. NOTE: the vendor reportedly disputes the significance of this report, stating that "it appears to be a local DOS ... we don't consider it a security vulnerability." |
| 44118 | CVE-2013-6998 | 79 | | XSS | 2014-12-27 | 2014-12-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| 44119 | CVE-2013-6997 | 79 | | XSS | 2014-01-08 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers." |
| 44120 | CVE-2013-6994 | 310 | | | 2014-05-19 | 2014-05-19 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. |
| 44121 | CVE-2013-6993 | 79 | | XSS | 2014-01-03 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. |
| 44122 | CVE-2013-6992 | 352 | | XSS CSRF | 2014-01-03 | 2018-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. |
| 44123 | CVE-2013-6991 | 79 | | XSS | 2014-01-03 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. |
| 44124 | CVE-2013-6986 | 310 | | Bypass +Info | 2013-12-12 | 2013-12-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements. |
| 44125 | CVE-2013-6983 | 89 | | Exec Code Sql | 2013-12-31 | 2017-08-28 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. |
| 44126 | CVE-2013-6982 | 20 | | DoS | 2014-01-08 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174. |
| 44127 | CVE-2013-6981 | 20 | | DoS | 2013-12-27 | 2016-09-15 | 5.4 | None | Remote | High | Not required | None | None | Complete | Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. |
| 44128 | CVE-2013-6979 | 287 | | Bypass | 2013-12-23 | 2017-08-28 | 5.4 | None | Remote | High | Not required | Complete | None | None | The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. |
| 44129 | CVE-2013-6978 | 200 | | +Info | 2013-12-21 | 2017-08-28 | 4.0 | None | Remote | Low | Single system | Partial | None | None | The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. |
| 44130 | CVE-2013-6976 | 352 | 1 | CSRF | 2013-12-19 | 2016-09-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. |
| 44131 | CVE-2013-6975 | 22 | | Dir. Trav. | 2014-05-20 | 2015-10-13 | 4.6 | None | Local | Low | Single system | Complete | None | None | Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. |
| 44132 | CVE-2013-6974 | 79 | | XSS | 2014-01-10 | 2016-09-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. |
| 44133 | CVE-2013-6973 | 200 | | +Info | 2013-12-14 | 2017-11-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. |
| 44134 | CVE-2013-6972 | 200 | | Bypass +Info | 2013-12-14 | 2017-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. |
| 44135 | CVE-2013-6971 | 20 | | | 2013-12-14 | 2017-11-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. |
| 44136 | CVE-2013-6970 | 200 | | +Info | 2013-12-14 | 2017-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. |
| 44137 | CVE-2013-6969 | 20 | | | 2013-12-14 | 2017-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. |
| 44138 | CVE-2013-6968 | 200 | | +Info | 2013-12-14 | 2017-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003. |
| 44139 | CVE-2013-6967 | 20 | | | 2013-12-14 | 2017-11-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020. |
| 44140 | CVE-2013-6966 | 20 | | | 2013-12-16 | 2017-11-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. |
| 44141 | CVE-2013-6965 | 264 | | Bypass | 2013-12-14 | 2017-11-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. |
| 44142 | CVE-2013-6964 | 264 | | Bypass | 2013-12-14 | 2017-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. |
| 44143 | CVE-2013-6963 | 79 | | XSS | 2013-12-14 | 2017-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207. |
| 44144 | CVE-2013-6962 | 79 | | XSS | 2013-12-14 | 2017-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228. |
| 44145 | CVE-2013-6961 | 79 | | XSS | 2013-12-14 | 2017-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237. |
| 44146 | CVE-2013-6960 | 79 | | XSS | 2013-12-14 | 2017-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. |
| 44147 | CVE-2013-6959 | 20 | | | 2013-12-14 | 2017-11-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. |
| 44148 | CVE-2013-6957 | 79 | | XSS | 2013-12-13 | 2014-01-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web server. |
| 44149 | CVE-2013-6956 | 79 | | XSS | 2013-12-13 | 2014-01-03 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 44150 | CVE-2013-6954 | | | DoS | 2014-01-12 | 2018-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. |