# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2010-5290 | 255 | | | 2013-09-20 | 2017-08-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861. |
2 | CVE-2011-2391 | 20 | | DoS | 2013-09-19 | 2017-08-29 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. |
3 | CVE-2012-1313 | 264 | | +Priv | 2013-09-27 | 2016-11-04 | 6.5 | None | Local | Low | ??? | Complete | Complete | Complete |
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. |
4 | CVE-2012-2624 | 119 | | DoS Overflow | 2013-09-23 | 2013-09-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet. |
5 | CVE-2012-4067 | 399 | | DoS | 2013-09-17 | 2013-09-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request. |
6 | CVE-2012-4072 | 20 | | | 2013-09-20 | 2016-09-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. |
7 | CVE-2012-4073 | 310 | | | 2013-09-20 | 2016-09-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. |
8 | CVE-2012-4074 | 255 | | +Info | 2013-09-20 | 2016-09-23 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. |
9 | CVE-2012-4078 | 287 | | Bypass | 2013-09-24 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. |
10 | CVE-2012-4079 | 20 | | DoS | 2013-09-26 | 2016-09-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206. |
11 | CVE-2012-4081 | 119 | | DoS Overflow | 2013-09-20 | 2016-10-31 | 4.6 | None | Local | Low | ??? | None | None | Complete |
MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734. |
12 | CVE-2012-4082 | 20 | | +Priv | 2013-09-20 | 2017-08-29 | 6.8 | None | Local | Low | ??? | Complete | Complete | Complete |
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. |
13 | CVE-2012-4083 | 119 | | DoS Overflow Mem. Corr. | 2013-09-20 | 2017-08-29 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751. |
14 | CVE-2012-4085 | 20 | | | 2013-09-24 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. |
15 | CVE-2012-4086 | 77 | | Exec Code | 2013-09-25 | 2017-08-29 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. |
16 | CVE-2012-4087 | 20 | | Exec Code | 2013-09-24 | 2017-08-29 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. |
17 | CVE-2012-4088 | 255 | | | 2013-09-26 | 2016-09-22 | 4.3 | None | Local Network | Medium | Not required | Partial | Partial | None |
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. |
18 | CVE-2012-4089 | 20 | | Exec Code | 2013-09-24 | 2017-08-29 | 6.6 | None | Local | Medium | ??? | Complete | Complete | Complete |
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239. |
19 | CVE-2012-4092 | 20 | | | 2013-09-26 | 2016-09-22 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. |
20 | CVE-2012-4093 | 20 | | DoS | 2013-09-20 | 2016-09-22 | 4.6 | None | Local | Low | ??? | None | None | Complete |
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. |
21 | CVE-2012-4094 | 119 | | DoS Overflow | 2013-09-24 | 2017-08-29 | 5.4 | None | Remote | High | Not required | None | None | Complete |
Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198. |
22 | CVE-2012-5338 | 20 | | | 2013-09-23 | 2013-09-24 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page. |
23 | CVE-2012-5990 | 79 | | XSS | 2013-09-06 | 2013-09-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. |
24 | CVE-2012-6087 | 20 | | | 2013-09-16 | 2020-12-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value. |
25 | CVE-2013-0081 | 20 | | DoS | 2013-09-11 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability." |
26 | CVE-2013-0211 | 189 | | DoS Overflow | 2013-09-30 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. |
27 | CVE-2013-0531 | 310 | | +Info | 2013-09-08 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. |
28 | CVE-2013-0596 | 79 | | XSS | 2013-09-20 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
29 | CVE-2013-0598 | 352 | | CSRF | 2013-09-28 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users. |
30 | CVE-2013-0810 | 94 | | Exec Code | 2013-09-11 | 2019-02-26 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability." |
31 | CVE-2013-0957 | 264 | | Bypass | 2013-09-19 | 2013-10-11 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. |
32 | CVE-2013-1025 | 119 | | DoS Exec Code Overflow | 2013-09-16 | 2013-09-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
33 | CVE-2013-1026 | 119 | | DoS Exec Code Overflow | 2013-09-16 | 2013-09-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
34 | CVE-2013-1027 | 264 | | Exec Code | 2013-09-16 | 2013-09-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. |
35 | CVE-2013-1028 | 20 | | +Info | 2013-09-16 | 2013-09-27 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. |
36 | CVE-2013-1029 | 20 | | DoS | 2013-09-16 | 2013-09-18 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. |
37 | CVE-2013-1030 | 200 | | +Info | 2013-09-16 | 2013-09-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. |
38 | CVE-2013-1031 | 264 | | Bypass | 2013-09-16 | 2013-09-19 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None |
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. |
39 | CVE-2013-1032 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-16 | 2014-03-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. |
40 | CVE-2013-1033 | 264 | | Bypass | 2013-09-16 | 2013-09-18 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. |
41 | CVE-2013-1034 | 79 | | XSS | 2013-09-19 | 2017-09-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
42 | CVE-2013-1035 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2017-09-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
43 | CVE-2013-1036 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2013-10-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
44 | CVE-2013-1037 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
45 | CVE-2013-1038 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
46 | CVE-2013-1039 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
47 | CVE-2013-1040 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
48 | CVE-2013-1041 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
49 | CVE-2013-1042 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2014-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
50 | CVE-2013-1043 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2014-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |