| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-6918 | 264 | | Bypass | 2013-11-30 | 2014-03-05 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests. |
| 2 | CVE-2013-6885 | 399 | | DoS | 2013-11-28 | 2017-12-15 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. |
| 3 | CVE-2013-6875 | 89 | | Exec Code Sql | 2013-11-26 | 2013-11-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. |
| 4 | CVE-2013-6874 | 119 | 1 | Exec Code Overflow | 2013-11-26 | 2013-11-27 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file. |
| 5 | CVE-2013-6873 | 89 | | Exec Code Sql | 2013-11-26 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter. |
| 6 | CVE-2013-6870 | 79 | | XSS | 2013-11-25 | 2013-11-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 7 | CVE-2013-6869 | 89 | | Exec Code Sql | 2013-11-23 | 2018-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 8 | CVE-2013-6868 | 200 | | +Info | 2013-11-23 | 2013-11-25 | 7.8 | None | Remote | Low | Not required | Complete | None | None | SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. |
| 9 | CVE-2013-6867 | | | DoS | 2013-11-23 | 2013-11-25 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. |
| 10 | CVE-2013-6866 | 94 | | Exec Code | 2013-11-23 | 2013-11-27 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689. |
| 11 | CVE-2013-6865 | 94 | | Exec Code | 2013-11-23 | 2013-11-25 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989. |
| 12 | CVE-2013-6864 | 22 | | Dir. Trav. | 2013-11-23 | 2013-11-27 | 6.1 | None | Remote | High | Single system | Complete | Partial | Partial | Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors. |
| 13 | CVE-2013-6863 | 264 | | +Priv | 2013-11-23 | 2013-11-27 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. |
| 14 | CVE-2013-6862 | | | DoS | 2013-11-23 | 2013-11-27 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. |
| 15 | CVE-2013-6861 | | | +Info | 2013-11-23 | 2013-11-27 | 4.9 | None | Local | Low | Not required | Complete | None | None | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. |
| 16 | CVE-2013-6860 | | | +Info | 2013-11-23 | 2013-11-27 | 6.8 | None | Remote | Low | Single system | Complete | None | None | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| 17 | CVE-2013-6859 | 287 | | +Priv | 2013-11-23 | 2013-11-25 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete | SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors. |
| 18 | CVE-2013-6858 | 79 | | XSS | 2013-11-23 | 2018-10-30 | 1.9 | None | Local | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. |
| 19 | CVE-2013-6852 | 352 | 1 | CSRF | 2013-11-21 | 2013-11-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method. |
| 20 | CVE-2013-6834 | 20 | | +Info | 2013-11-20 | 2014-03-04 | 4.9 | None | Local | Low | Not required | Complete | None | None | The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. |
| 21 | CVE-2013-6833 | 20 | | +Info | 2013-11-20 | 2013-11-24 | 4.9 | None | Local | Low | Not required | Complete | None | None | The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. |
| 22 | CVE-2013-6832 | 200 | | +Info | 2013-11-20 | 2013-11-24 | 4.9 | None | Local | Low | Not required | Complete | None | None | The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. |
| 23 | CVE-2013-6831 | 264 | | +Priv | 2013-11-20 | 2013-11-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account. |
| 24 | CVE-2013-6830 | 94 | | Exec Code | 2013-11-20 | 2013-11-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation. |
| 25 | CVE-2013-6829 | 94 | | Exec Code | 2013-11-20 | 2013-11-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. |
| 26 | CVE-2013-6828 | 287 | | Bypass | 2013-11-20 | 2013-11-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. |
| 27 | CVE-2013-6827 | 22 | | Dir. Trav. | 2013-11-20 | 2013-11-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. |
| 28 | CVE-2013-6826 | 352 | | CSRF | 2013-11-20 | 2013-11-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. |
| 29 | CVE-2013-6823 | 264 | | Bypass | 2013-11-20 | 2018-12-10 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. |
| 30 | CVE-2013-6822 | | | | 2013-11-20 | 2018-12-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. |
| 31 | CVE-2013-6821 | 22 | | Dir. Trav. | 2013-11-20 | 2018-12-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. |
| 32 | CVE-2013-6820 | | | Exec Code | 2013-11-20 | 2018-12-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. |
| 33 | CVE-2013-6819 | 79 | | XSS | 2013-11-20 | 2018-12-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 34 | CVE-2013-6818 | 264 | | Bypass | 2013-11-20 | 2018-12-10 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. |
| 35 | CVE-2013-6817 | 119 | | DoS Exec Code Overflow | 2013-11-20 | 2018-12-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. |
| 36 | CVE-2013-6816 | 79 | | XSS | 2013-11-20 | 2018-12-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 37 | CVE-2013-6815 | 20 | | DoS | 2013-11-20 | 2018-12-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. |
| 38 | CVE-2013-6814 | 20 | | +Info | 2013-11-20 | 2018-12-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. |
| 39 | CVE-2013-6802 | 264 | | Bypass | 2013-11-18 | 2018-12-13 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. |
| 40 | CVE-2013-6801 | 399 | | DoS | 2013-11-18 | 2013-11-19 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue. |
| 41 | CVE-2013-6800 | | | DoS | 2013-11-17 | 2017-01-06 | 4.0 | None | Remote | Low | Single system | None | None | Partial | An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418. |
| 42 | CVE-2013-6799 | 119 | | DoS Overflow Mem. Corr. | 2013-11-17 | 2013-11-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete | Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105. |
| 43 | CVE-2013-6798 | 264 | | Bypass | 2013-11-17 | 2017-08-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694. |
| 44 | CVE-2013-6797 | 352 | | CSRF | 2013-11-18 | 2013-11-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file. |
| 45 | CVE-2013-6794 | 79 | | XSS | 2013-11-14 | 2013-11-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 46 | CVE-2013-6793 | 79 | 1 | XSS | 2013-11-14 | 2013-11-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field. |
| 47 | CVE-2013-6791 | 200 | | +Info | 2013-11-29 | 2013-12-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack. |
| 48 | CVE-2013-6789 | 200 | | +Info | 2013-11-12 | 2013-11-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653. |
| 49 | CVE-2013-6780 | 79 | | XSS | 2013-11-13 | 2015-07-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. |
| 50 | CVE-2013-6763 | 119 | | DoS Overflow +Priv Mem. Corr. | 2013-11-12 | 2014-01-07 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511. |