| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
201 |
CVE-2013-4202 |
399 |
|
DoS |
2013-09-16 |
2018-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. |
|
202 |
CVE-2013-4183 |
200 |
|
+Info |
2013-09-16 |
2013-10-31 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. |
|
203 |
CVE-2013-4182 |
264 |
|
|
2013-09-16 |
2013-09-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. |
|
204 |
CVE-2013-4181 |
79 |
|
XSS |
2013-09-16 |
2013-09-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
205 |
CVE-2013-4180 |
20 |
|
DoS |
2013-09-16 |
2013-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. |
|
206 |
CVE-2013-4179 |
119 |
|
DoS Overflow |
2013-09-16 |
2013-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. |
|
207 |
CVE-2013-4169 |
59 |
|
|
2013-09-10 |
2013-09-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. |
|
208 |
CVE-2013-4154 |
|
|
DoS |
2013-09-30 |
2013-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command. |
|
209 |
CVE-2013-4153 |
399 |
|
DoS |
2013-09-30 |
2013-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command. |
|
210 |
CVE-2013-4136 |
59 |
|
+Priv |
2013-09-30 |
2013-10-10 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. |
|
211 |
CVE-2013-4132 |
310 |
|
DoS |
2013-09-16 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. |
|
212 |
CVE-2013-4123 |
20 |
|
DoS |
2013-09-16 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. |
|
213 |
CVE-2013-4112 |
200 |
|
Exec Code +Info |
2013-09-28 |
2014-03-08 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. |
|
214 |
CVE-2013-4068 |
119 |
|
Exec Code Overflow |
2013-09-20 |
2017-08-29 |
7.1 |
None |
Remote |
High |
??? |
Complete |
Complete |
Complete |
|
Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8. |
|
215 |
CVE-2013-4062 |
310 |
|
+Info |
2013-09-09 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate. |
|
216 |
CVE-2013-4061 |
287 |
|
|
2013-09-09 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. |
|
217 |
CVE-2013-4053 |
20 |
|
|
2013-09-20 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors. |
|
218 |
CVE-2013-4052 |
79 |
|
XSS |
2013-09-20 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
219 |
CVE-2013-4049 |
|
|
Exec Code |
2013-09-16 |
2017-08-29 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file. |
|
220 |
CVE-2013-4048 |
79 |
|
XSS |
2013-09-16 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to a page. |
|
221 |
CVE-2013-4047 |
79 |
|
XSS |
2013-09-16 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link. |
|
222 |
CVE-2013-4025 |
264 |
|
|
2013-09-25 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
|
223 |
CVE-2013-4024 |
200 |
|
+Info |
2013-09-25 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network. |
|
224 |
CVE-2013-4022 |
255 |
|
Bypass |
2013-09-25 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access restrictions via unknown vectors. |
|
225 |
CVE-2013-3934 |
119 |
|
Exec Code Overflow |
2013-09-10 |
2013-09-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file. |
|
226 |
CVE-2013-3893 |
399 |
|
Exec Code |
2013-09-18 |
2021-05-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll. |
|
227 |
CVE-2013-3870 |
399 |
|
Exec Code |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability." |
|
228 |
CVE-2013-3868 |
20 |
|
DoS |
2013-09-11 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability." |
|
229 |
CVE-2013-3866 |
119 |
|
Overflow +Priv |
2013-09-11 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." |
|
230 |
CVE-2013-3865 |
119 |
|
Overflow +Priv |
2013-09-11 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3864. |
|
231 |
CVE-2013-3864 |
119 |
|
Overflow +Priv |
2013-09-11 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3865. |
|
232 |
CVE-2013-3863 |
119 |
|
Exec Code Overflow |
2013-09-11 |
2019-02-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka "OLE Property Vulnerability." |
|
233 |
CVE-2013-3862 |
399 |
|
+Priv |
2013-09-11 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager (SCM), aka "Service Control Manager Double Free Vulnerability." |
|
234 |
CVE-2013-3859 |
264 |
|
+Priv |
2013-09-11 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability." |
|
235 |
CVE-2013-3858 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849. |
|
236 |
CVE-2013-3857 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." |
|
237 |
CVE-2013-3856 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." |
|
238 |
CVE-2013-3855 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." |
|
239 |
CVE-2013-3854 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3853. |
|
240 |
CVE-2013-3853 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3854. |
|
241 |
CVE-2013-3852 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." |
|
242 |
CVE-2013-3851 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." |
|
243 |
CVE-2013-3850 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." |
|
244 |
CVE-2013-3849 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858. |
|
245 |
CVE-2013-3848 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858. |
|
246 |
CVE-2013-3847 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858. |
|
247 |
CVE-2013-3845 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-09-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." |
|
248 |
CVE-2013-3658 |
22 |
|
Dir. Trav. |
2013-09-10 |
2013-09-12 |
9.4 |
None |
Remote |
Low |
Not required |
None |
Complete |
Complete |
|
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. |
|
249 |
CVE-2013-3657 |
119 |
|
DoS Exec Code Overflow |
2013-09-10 |
2013-09-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. |
|
250 |
CVE-2013-3616 |
79 |
|
XSS |
2013-09-24 |
2013-10-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
