# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2013-7042 | 264 | | +Priv | 2013-12-10 | 2017-08-29 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. |
2 | CVE-2013-6886 | 264 | | +Priv | 2013-12-28 | 2013-12-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. |
3 | CVE-2013-6863 | 264 | | +Priv | 2013-11-23 | 2013-11-27 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. |
4 | CVE-2013-6859 | 287 | | +Priv | 2013-11-23 | 2013-11-25 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors. |
5 | CVE-2013-6840 | 264 | | +Priv | 2013-12-10 | 2013-12-12 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. |
6 | CVE-2013-6831 | 264 | | +Priv | 2013-11-20 | 2013-11-25 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account. |
7 | CVE-2013-6763 | 119 | | DoS Overflow +Priv Mem. Corr. | 2013-11-12 | 2014-01-08 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511. |
8 | CVE-2013-6685 | 264 | | +Priv | 2013-11-13 | 2013-11-14 | 6.6 | None | Local | Medium | ??? | Complete | Complete | Complete |
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. |
9 | CVE-2013-6617 | 264 | | +Priv | 2013-11-05 | 2013-11-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. |
10 | CVE-2013-6409 | 264 | | +Priv | 2013-12-07 | 2013-12-09 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. |
11 | CVE-2013-6400 | 264 | | DoS +Priv | 2013-12-13 | 2017-01-07 | 6.8 | None | Local Network | High | Not required | Complete | Complete | Complete |
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. |
12 | CVE-2013-6391 | 269 | | +Priv | 2013-12-14 | 2020-06-02 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. |
13 | CVE-2013-6375 | 264 | | DoS +Priv | 2013-11-23 | 2018-10-30 | 7.9 | None | Local Network | Medium | Not required | Complete | Complete | Complete |
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." |
14 | CVE-2013-6368 | 20 | | DoS +Priv | 2013-12-14 | 2019-04-22 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. |
15 | CVE-2013-6182 | | | +Priv | 2013-12-28 | 2014-01-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. |
16 | CVE-2013-5972 | 264 | | +Priv | 2013-11-18 | 2013-11-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. |
17 | CVE-2013-5971 | 264 | | +Priv | 2013-10-21 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. |
18 | CVE-2013-5933 | 119 | | DoS Overflow +Priv Mem. Corr. | 2013-09-25 | 2013-09-25 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. |
19 | CVE-2013-5701 | 264 | | +Priv | 2013-10-03 | 2013-10-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory. |
20 | CVE-2013-5691 | 264 | | DoS +Priv | 2013-09-23 | 2013-10-24 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application. |
21 | CVE-2013-5556 | 264 | | Exec Code +Priv | 2013-11-18 | 2013-11-20 | 6.8 | None | Local | Low | ??? | Complete | Complete | Complete |
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. |
22 | CVE-2013-5533 | 20 | | +Priv | 2013-10-11 | 2016-09-22 | 6.0 | None | Local | High | ??? | Complete | Complete | Complete |
The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. |
23 | CVE-2013-5522 | 264 | | +Priv | 2013-10-25 | 2013-10-25 | 6.8 | None | Local | Low | ??? | Complete | Complete | Complete |
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. |
24 | CVE-2013-5419 | 119 | | Overflow +Priv | 2013-10-04 | 2017-09-19 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. |
25 | CVE-2013-5416 | | | +Priv | 2013-12-18 | 2017-08-29 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. |
26 | CVE-2013-5415 | 119 | | Overflow +Priv | 2013-12-18 | 2017-08-29 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. |
27 | CVE-2013-5414 | 264 | | +Priv | 2013-11-18 | 2017-08-29 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation. |
28 | CVE-2013-5383 | 264 | | +Priv | 2013-10-01 | 2017-08-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382. |
29 | CVE-2013-5382 | | | +Priv | 2013-10-01 | 2017-08-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383. |
30 | CVE-2013-5381 | | | +Priv | 2013-10-01 | 2017-08-29 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. |
31 | CVE-2013-5373 | 264 | | +Priv | 2013-09-25 | 2017-08-29 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands. |
32 | CVE-2013-5065 | 20 | | +Priv | 2013-11-28 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. |
33 | CVE-2013-5058 | 190 | | Overflow +Priv | 2013-12-11 | 2019-05-13 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." |
34 | CVE-2013-5046 | 20 | | Exec Code +Priv Bypass | 2013-12-11 | 2018-10-12 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." |
35 | CVE-2013-5045 | 20 | 1 | Exec Code +Priv Bypass | 2013-12-11 | 2018-10-12 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." |
36 | CVE-2013-4987 | 264 | | +Priv | 2013-11-08 | 2013-11-08 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. |
37 | CVE-2013-4984 | 264 | | +Priv | 2013-09-10 | 2016-11-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. |
38 | CVE-2013-4958 | 287 | | +Priv | 2013-08-20 | 2019-07-10 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. |
39 | CVE-2013-4943 | 264 | | +Priv Bypass | 2013-08-09 | 2013-08-13 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. |
40 | CVE-2013-4777 | 264 | | +Priv | 2013-09-25 | 2016-12-07 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. |
41 | CVE-2013-4740 | 362 | | DoS +Priv Mem. Corr. | 2013-11-12 | 2013-11-14 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values. |
42 | CVE-2013-4697 | | | +Priv | 2013-07-31 | 2013-07-31 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors. |
43 | CVE-2013-4679 | 119 | | Overflow +Priv | 2013-08-05 | 2013-10-07 | 6.6 | None | Local | Medium | ??? | Complete | Complete | Complete |
Symantec Workspace Virtualization 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system. |
44 | CVE-2013-4633 | 264 | | +Priv | 2013-06-20 | 2013-06-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. |
45 | CVE-2013-4588 | 119 | | Overflow +Priv | 2013-11-20 | 2020-08-04 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. |
46 | CVE-2013-4587 | 20 | | +Priv | 2013-12-14 | 2014-03-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. |
47 | CVE-2013-4559 | 264 | | +Priv | 2013-11-20 | 2021-02-26 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete |
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. |
48 | CVE-2013-4554 | 264 | | +Priv | 2013-12-24 | 2017-01-07 | 5.2 | None | Local Network | Low | ??? | Partial | Partial | Partial |
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. |
49 | CVE-2013-4511 | 189 | | Overflow +Priv | 2013-11-12 | 2014-03-06 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. |
50 | CVE-2013-4482 | | | +Priv | 2013-11-23 | 2019-04-22 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories. |