CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In April 2013

Each row gives: row number, CVE ID, CWE ID (where assigned), vulnerability type(s) (where assigned), publish date and update date; then the CVSS v2 base score with its vector components (access vector, access complexity, authentication, and the confidentiality, integrity and availability impacts); then the description. Authentication "Single system" is CVSS v2 Au:S and matches the rows whose description says "remote authenticated users"; "Not required" is Au:N. The Gained Access Level column reads None and the # of Exploits column is empty for every row on this page, so neither is repeated per row.

151  CVE-2013-1903  CWE-264  Published 2013-04-04, updated 2017-10-20
  CVSS 10.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
  PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors.

152  CVE-2013-1902  Published 2013-04-04, updated 2017-10-20
  CVSS 10.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
  PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."

153  CVE-2013-1901  CWE-264  Bypass  Published 2013-04-04, updated 2013-12-01
  CVSS 4.0 | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
  PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

154  CVE-2013-1900  CWE-189  Published 2013-04-04, updated 2017-10-20
  CVSS 8.5 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: Complete | Integ: Complete | Avail: Complete
  PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

155  CVE-2013-1899  CWE-94  DoS Exec Code Sql  Published 2013-04-04, updated 2013-12-01
  CVSS 6.5 | Access: Remote | Complexity: Low | Authentication: Single system | Conf: Partial | Integ: Partial | Avail: Partial
  Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

156  CVE-2013-1898  CWE-94  Exec Code  Published 2013-04-09, updated 2013-04-10
  CVSS 7.5 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
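The entries for CVE-2013-1899 (a database name beginning with "-" read as an option) and CVE-2013-1898 (shell metacharacters in a URL) are two faces of the same mistake: an untrusted string reaches a command-line parser unchanged. The following is an added example, not code from the Thumbshooter gem, from PostgreSQL, or from any advisory; it shows the boundary in generic Python form. The tool name `shooter` and its `--out` flag are hypothetical, chosen only to give the argv a shape.

```python
"""Keeping untrusted strings off a command line.

Added example for this listing; it is not code from the Thumbshooter gem or
from PostgreSQL and does not reproduce either CVE. It shows, in generic form,
the two mistakes those entries describe: interpolating a URL into a line a
shell will parse (metacharacters) and letting a value that begins with "-"
reach an option parser. The tool name and its flags are hypothetical.
"""
import shlex
import subprocess
from urllib.parse import urlsplit

TOOL = "shooter"  # hypothetical screenshot tool; only the argv shape matters


def vulnerable_command(url: str) -> str:
    """Anti-pattern: string interpolation into a line a shell will parse.

    With url = "http://h/;id" the shell sees two commands. Shown for
    contrast only; do not execute the result.
    """
    return f"{TOOL} --out thumb.png {url}"


def validate_url(url: str) -> str:
    """Allow only absolute http(s) URLs; anything else raises ValueError."""
    if url.startswith("-"):
        # An option parser would read this as a flag (the CVE-2013-1899 shape).
        raise ValueError("value begins with '-' and would be parsed as an option")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("only absolute http(s) URLs are accepted")
    return url


def is_acceptable(url: str) -> bool:
    """Boolean form of validate_url for callers that prefer not to catch."""
    try:
        validate_url(url)
        return True
    except ValueError:
        return False


def hardened_argv(url: str) -> list:
    """argv as a list: no shell, and '--' ends option parsing before the URL."""
    return [TOOL, "--out", "thumb.png", "--", validate_url(url)]


def shell_safe_command(url: str) -> str:
    """If a shell is unavoidable, quote every token with shlex.quote."""
    return " ".join(shlex.quote(t) for t in hardened_argv(url))


def run_hardened(url: str) -> subprocess.CompletedProcess:
    """Execute without a shell; metacharacters are bytes inside one argv element."""
    return subprocess.run(hardened_argv(url), shell=False, check=False,
                          capture_output=True)


if __name__ == "__main__":
    sample = "http://h/;id"
    print("unsafe :", vulnerable_command(sample))
    print("argv   :", hardened_argv(sample))
    print("quoted :", shell_safe_command(sample))
```

Note that `validate_url` deliberately does not blacklist characters such as `;` or `&`, which are legal in query strings; safety comes from never handing the string to a shell and from the `--` sentinel, not from filtering.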
157  CVE-2013-1858  CWE-264  +Priv  Published 2013-04-05, updated 2013-04-08
  CVSS 7.2 | Access: Local | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
  The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process.

158  CVE-2013-1823  CWE-79  XSS  Published 2013-04-02, updated 2013-04-03
  CVSS 4.3 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
  Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

159  CVE-2013-1821  CWE-20  DoS  Published 2013-04-09, updated 2016-12-08
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
  lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

160  CVE-2013-1815  CWE-255  Published 2013-04-10, updated 2017-08-29
  CVSS 4.4 | Access: Local | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.

161  CVE-2013-1808  CWE-79  XSS  Published 2013-04-02, updated 2014-04-19
  CVSS 4.3 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
  Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.

162  CVE-2013-1802  CWE-264  DoS Exec Code  Published 2013-04-09, updated 2013-04-10
  CVSS 7.5 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

163  CVE-2013-1801  CWE-264  DoS Exec Code  Published 2013-04-09, updated 2013-04-10
  CVSS 7.5 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.

164  CVE-2013-1800  CWE-264  DoS Exec Code  Published 2013-04-09, updated 2013-04-10
  CVSS 7.5 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

165  CVE-2013-1799  CWE-310  +Info  Published 2013-04-02, updated 2013-04-02
  CVSS 4.3 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
  Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91 does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

166  CVE-2013-1790  CWE-119  Overflow  Published 2013-04-09, updated 2014-01-28
  CVSS 6.8 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.

167  CVE-2013-1789  DoS  Published 2013-04-09, updated 2013-04-10
  CVSS 4.3 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
  splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.

168  CVE-2013-1788  CWE-119  DoS Exec Code Overflow  Published 2013-04-09, updated 2014-01-28
  CVSS 6.8 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.

169  CVE-2013-1776  CWE-264  Published 2013-04-08, updated 2017-08-29
  CVSS 4.4 | Access: Local | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

170  CVE-2013-1749  CWE-79  XSS  Published 2013-04-18, updated 2013-04-18
  CVSS 4.3 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
  Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.

171  CVE-2013-1748  CWE-89  Exec Code Sql  Published 2013-04-18, updated 2013-04-18
  CVSS 7.5 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
  Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.

172  CVE-2013-1665  CWE-200  +Info  Published 2013-04-03, updated 2013-05-15
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
  The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

173  CVE-2013-1664  CWE-119  DoS Overflow  Published 2013-04-03, updated 2013-05-15
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
  The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
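Three entries on this page describe the same pair of XML primitives: CVE-2013-1665 (an external entity declaration plus a reference, XXE) and CVE-2013-1664 / CVE-2013-1821 (entity expansion, XEE). Both are decided at the DTD, before any element content is processed, so the robust fix is to refuse entity declarations at the moment the parser reports them. The following is an added example, not code from the Python project, REXML, OpenStack, Django or any other product named above, and it does not reproduce any of these CVEs; it uses only the standard-library `xml.parsers.expat` binding so it runs offline. The three sample documents are constructed for the example.

```python
"""Entity-hardened XML parsing with the standard library's expat binding.

Added example for this listing; it is not code from the Python project,
Ruby/REXML, OpenStack, Django or any other product named on the page, and it
does not reproduce any of the CVEs. It shows the generic pre-expansion checks
that close both attack classes: refuse DOCTYPE/entity declarations before
expat expands (XEE) or fetches (XXE) anything. Sample documents are
constructed.
"""
import xml.parsers.expat


class UnsafeXML(Exception):
    """Raised as soon as the document uses a construct the policy forbids."""


def parse_hardened(data: bytes, forbid_dtd: bool = True) -> dict:
    """Parse `data`; return element names in document order and the text.

    A DOCTYPE (when forbid_dtd is True), any entity declaration, or any
    external entity reference aborts the parse with UnsafeXML. Declarations
    are reported before the entity is expanded or its URI fetched, so neither
    the memory blow-up (XEE) nor the file read (XXE) can start.
    """
    parser = xml.parsers.expat.ParserCreate()
    tags, chunks = [], []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if forbid_dtd:
            raise UnsafeXML(f"DOCTYPE not allowed (root {name!r})")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # sysid set => external entity (the XXE primitive); otherwise an
        # internal entity, the building block of billion-laughs expansion.
        kind = "external" if sysid is not None else "internal"
        raise UnsafeXML(f"{kind} entity declaration {name!r} not allowed")

    def on_external_ref(context, base, sysid, pubid):
        # Belt and braces: returning 0 makes expat fail the parse instead of
        # resolving the reference, should a declaration ever get through.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda tag, attrs: tags.append(tag)
    parser.CharacterDataHandler = chunks.append

    parser.Parse(data, True)
    return {"tags": tags, "text": "".join(chunks).strip()}


def check_document(data: bytes, forbid_dtd: bool = True) -> str:
    """Gatekeeper form: 'ok' or 'rejected: <reason>' without raising."""
    try:
        parse_hardened(data, forbid_dtd)
        return "ok"
    except UnsafeXML as exc:
        return f"rejected: {exc}"
    except xml.parsers.expat.ExpatError as exc:
        return f"rejected: malformed ({exc})"


# Constructed samples (not taken from any advisory).
BENIGN = b'<?xml version="1.0"?><auth><user>alice</user></auth>'

# XXE shape: an external entity pointing at a local file, then referenced.
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE auth [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b'<auth><user>&xxe;</user></auth>')

# XEE shape: nested internal entities whose expansion grows geometrically
# (kept to three levels here; the point is that it is never expanded).
XEE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE lolz ['
       b'<!ENTITY lol "lol">'
       b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
       b'<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">'
       b']><lolz>&lol3;</lolz>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE), ("xee", XEE)):
        print(label, "|", check_document(doc),
              "| dtd allowed:", check_document(doc, forbid_dtd=False))
```

The default `forbid_dtd=True` is the right setting for any service that accepts XML from the network (SAML, SOAP, configuration uploads); `forbid_dtd=False` is shown only so the entity-level checks can be seen firing on their own. Higher-level parsers such as `xml.etree.ElementTree` and `xml.dom.minidom` sit on top of the same expat binding, so a wrapper like this can front them by parsing once for policy and once for content.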
174  CVE-2013-1570  Published 2013-04-17, updated 2014-02-21
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.

175  CVE-2013-1569  Published 2013-04-17, updated 2017-09-19
  CVSS 10.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.

176  CVE-2013-1568  Published 2013-04-17, updated 2013-10-11
  CVSS 4.0 | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 6.2.0 allows remote authenticated users to affect availability via unknown vectors related to CB.

177  CVE-2013-1567  Published 2013-04-17, updated 2014-02-21
  CVSS 3.5 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.

178  CVE-2013-1566  Published 2013-04-17, updated 2014-02-21
  CVSS 3.5 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

179  CVE-2013-1565  Published 2013-04-17, updated 2013-10-11
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect availability via unknown vectors.

180  CVE-2013-1564  Published 2013-04-17, updated 2017-09-19
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

181  CVE-2013-1563  Published 2013-04-17, updated 2017-09-19
  CVSS 7.6 | Access: Remote | Complexity: High | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

182  CVE-2013-1562  Published 2013-04-17, updated 2013-10-11
  CVSS 4.0 | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
  Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity via vectors related to HELP.

183  CVE-2013-1561  Published 2013-04-17, updated 2017-09-19
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

184  CVE-2013-1560  Published 2013-04-17, updated 2017-09-09
  CVSS 2.1 | Access: Remote | Complexity: High | Authentication: Single system | Conf: Partial | Integ: None | Avail: None
  Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-2385.

185  CVE-2013-1559  Published 2013-04-17, updated 2013-10-11
  CVSS 4.0 | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.

186  CVE-2013-1558  Published 2013-04-17, updated 2017-09-19
  CVSS 10.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.

187  CVE-2013-1557  Published 2013-04-17, updated 2017-09-19
  CVSS 10.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
  Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.

188  CVE-2013-1556  Published 2013-04-17, updated 2013-10-11
  CVSS 3.5 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
  Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to OTH.

189  CVE-2013-1555  Published 2013-04-17, updated 2019-12-17
  CVSS 4.0 | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

190  CVE-2013-1554  Published 2013-04-17, updated 2013-10-11
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.

191  CVE-2013-1553  Published 2013-04-17, updated 2013-10-11
  CVSS 6.4 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
  Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Services Security.

192  CVE-2013-1552  Published 2013-04-17, updated 2019-12-17
  CVSS 6.0 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: Partial | Integ: Partial | Avail: Partial
  Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

193  CVE-2013-1551  Published 2013-04-17, updated 2013-10-11
  CVSS 6.0 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: Partial | Integ: Partial | Avail: Partial
  Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Integration Business Services.

194  CVE-2013-1550  Published 2013-04-17, updated 2013-10-11
  CVSS 4.3 | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: None | Integ: Partial | Avail: None
  Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter.

195  CVE-2013-1549  Published 2013-04-17, updated 2013-10-11
  CVSS 3.5 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
  Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 12.0.0 allows remote authenticated users to affect integrity via vectors related to BASE.

196  CVE-2013-1548  Published 2013-04-17, updated 2019-12-17
  CVSS 3.5 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

197  CVE-2013-1547  Published 2013-04-17, updated 2013-10-11
  CVSS 3.5 | Access: Remote | Complexity: Medium | Authentication: Single system | Conf: None | Integ: Partial | Avail: None
  Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE.

198  CVE-2013-1546  Published 2013-04-17, updated 2013-10-11
  CVSS 1.5 | Access: Local | Complexity: Medium | Authentication: Single system | Conf: Partial | Integ: None | Avail: None
  Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.

199  CVE-2013-1545  Published 2013-04-17, updated 2013-10-11
  CVSS 5.0 | Access: Remote | Complexity: Low | Authentication: Not required | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.

200  CVE-2013-1544  Published 2013-04-17, updated 2018-12-06
  CVSS 4.0 | Access: Remote | Complexity: Low | Authentication: Single system | Conf: None | Integ: None | Avail: Partial
  Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Total number of vulnerabilities: 438 (rows 151 to 200 shown here; page 4 of 9).