| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
47101 |
CVE-2013-1093 |
20 |
|
|
2013-06-17 |
2013-11-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. |
|
47102 |
CVE-2013-1088 |
352 |
|
CSRF |
2013-04-24 |
2013-05-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. |
|
47103 |
CVE-2013-1087 |
79 |
|
XSS |
2013-07-15 |
2013-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. |
|
47104 |
CVE-2013-1086 |
79 |
|
XSS |
2013-04-19 |
2017-09-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. |
|
47105 |
CVE-2013-1084 |
22 |
|
Dir. Trav. |
2013-11-02 |
2013-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/. |
|
47106 |
CVE-2013-1079 |
22 |
|
Dir. Trav. |
2013-03-29 |
2013-04-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. |
|
47107 |
CVE-2013-1070 |
79 |
|
XSS |
2014-02-17 |
2015-10-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. |
|
47108 |
CVE-2013-1069 |
264 |
|
|
2014-02-17 |
2014-02-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. |
|
47109 |
CVE-2013-1068 |
264 |
|
+Priv |
2014-06-19 |
2014-06-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability. |
|
47110 |
CVE-2013-1067 |
264 |
|
+Info |
2013-10-25 |
2013-10-28 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. |
|
47111 |
CVE-2013-1066 |
264 |
|
Bypass |
2013-10-03 |
2017-08-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
|
47112 |
CVE-2013-1065 |
264 |
|
Bypass |
2013-10-03 |
2013-10-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
|
47113 |
CVE-2013-1064 |
264 |
|
Bypass |
2013-10-03 |
2019-07-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
|
47114 |
CVE-2013-1063 |
264 |
|
Bypass |
2013-10-03 |
2013-10-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
|
47115 |
CVE-2013-1062 |
264 |
|
Bypass |
2013-10-03 |
2013-10-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
|
47116 |
CVE-2013-1061 |
264 |
|
Bypass |
2013-10-03 |
2017-08-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. |
|
47117 |
CVE-2013-1060 |
264 |
|
+Priv |
2013-09-25 |
2013-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account. |
|
47118 |
CVE-2013-1058 |
310 |
|
|
2013-11-23 |
2013-11-25 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. |
|
47119 |
CVE-2013-1057 |
20 |
|
Exec Code |
2013-11-17 |
2013-11-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory. |
|
47120 |
CVE-2013-1056 |
|
|
DoS +Priv |
2013-10-28 |
2013-10-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files. |
|
47121 |
CVE-2013-1051 |
20 |
|
|
2013-03-21 |
2013-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. |
|
47122 |
CVE-2013-1048 |
264 |
|
+Priv |
2013-03-06 |
2013-03-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. |
|
47123 |
CVE-2013-1047 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2016-11-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47124 |
CVE-2013-1046 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2014-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47125 |
CVE-2013-1045 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2014-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47126 |
CVE-2013-1044 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2014-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47127 |
CVE-2013-1043 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2014-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47128 |
CVE-2013-1042 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2014-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47129 |
CVE-2013-1041 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2016-11-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47130 |
CVE-2013-1040 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2016-11-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47131 |
CVE-2013-1039 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2016-11-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47132 |
CVE-2013-1038 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2016-11-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47133 |
CVE-2013-1037 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2016-11-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
|
47134 |
CVE-2013-1036 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-19 |
2013-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
|
47135 |
CVE-2013-1034 |
79 |
|
XSS |
2013-09-19 |
2017-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
47136 |
CVE-2013-1033 |
264 |
|
Bypass |
2013-09-16 |
2013-09-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. |
|
47137 |
CVE-2013-1032 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-16 |
2014-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. |
|
47138 |
CVE-2013-1031 |
264 |
|
Bypass |
2013-09-16 |
2013-09-19 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. |
|
47139 |
CVE-2013-1030 |
200 |
|
+Info |
2013-09-16 |
2013-09-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. |
|
47140 |
CVE-2013-1029 |
20 |
|
DoS |
2013-09-16 |
2013-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. |
|
47141 |
CVE-2013-1028 |
20 |
|
+Info |
2013-09-16 |
2013-09-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. |
|
47142 |
CVE-2013-1027 |
264 |
|
Exec Code |
2013-09-16 |
2013-09-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. |
|
47143 |
CVE-2013-1026 |
119 |
|
DoS Exec Code Overflow |
2013-09-16 |
2013-09-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
|
47144 |
CVE-2013-1025 |
119 |
|
DoS Exec Code Overflow |
2013-09-16 |
2013-09-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
|
47145 |
CVE-2013-1024 |
20 |
|
DoS Exec Code |
2013-06-05 |
2014-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. |
|
47146 |
CVE-2013-1023 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-06-05 |
2013-06-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. |
|
47147 |
CVE-2013-1014 |
20 |
|
|
2013-05-20 |
2018-10-30 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
|
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. |
|
47148 |
CVE-2013-1013 |
20 |
|
XSS |
2013-06-05 |
2013-06-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. |
|
47149 |
CVE-2013-1012 |
79 |
|
XSS |
2013-06-05 |
2013-09-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. |
|
47150 |
CVE-2013-1011 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
