# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
401 | CVE-2013-1115 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-06 | 2013-09-06 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109. |
402 | CVE-2013-1060 | 264 | | +Priv | 2013-09-25 | 2013-10-02 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account. |
403 | CVE-2013-1047 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
404 | CVE-2013-1046 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2014-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
405 | CVE-2013-1045 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2014-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
406 | CVE-2013-1044 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2014-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
407 | CVE-2013-1043 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2014-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
408 | CVE-2013-1042 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2014-01-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
409 | CVE-2013-1041 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
410 | CVE-2013-1040 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
411 | CVE-2013-1039 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
412 | CVE-2013-1038 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
413 | CVE-2013-1037 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2016-11-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
414 | CVE-2013-1036 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2013-10-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
415 | CVE-2013-1035 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-19 | 2017-09-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
416 | CVE-2013-1034 | 79 | | XSS | 2013-09-19 | 2017-09-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
417 | CVE-2013-1033 | 264 | | Bypass | 2013-09-16 | 2013-09-18 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. |
418 | CVE-2013-1032 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-16 | 2014-03-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. |
419 | CVE-2013-1031 | 264 | | Bypass | 2013-09-16 | 2013-09-19 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None |
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. |
420 | CVE-2013-1030 | 200 | | +Info | 2013-09-16 | 2013-09-18 | 2.1 | None | Local | Low | Not required | Partial | None | None |
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. |
421 | CVE-2013-1029 | 20 | | DoS | 2013-09-16 | 2013-09-18 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. |
422 | CVE-2013-1028 | 20 | | +Info | 2013-09-16 | 2013-09-27 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. |
423 | CVE-2013-1027 | 264 | | Exec Code | 2013-09-16 | 2013-09-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. |
424 | CVE-2013-1026 | 119 | | DoS Exec Code Overflow | 2013-09-16 | 2013-09-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
425 | CVE-2013-1025 | 119 | | DoS Exec Code Overflow | 2013-09-16 | 2013-09-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
426 | CVE-2013-0957 | 264 | | Bypass | 2013-09-19 | 2013-10-11 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. |
427 | CVE-2013-0810 | 94 | | Exec Code | 2013-09-11 | 2019-02-26 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability." |
428 | CVE-2013-0598 | 352 | | CSRF | 2013-09-28 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users. |
429 | CVE-2013-0596 | 79 | | XSS | 2013-09-20 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
430 | CVE-2013-0531 | 310 | | +Info | 2013-09-08 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. |
431 | CVE-2013-0211 | 189 | | DoS Overflow | 2013-09-30 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. |
432 | CVE-2013-0081 | 20 | | DoS | 2013-09-11 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability." |
433 | CVE-2012-6087 | 20 | | | 2013-09-16 | 2020-12-01 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value. |
434 | CVE-2012-5990 | 79 | | XSS | 2013-09-06 | 2013-09-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. |
435 | CVE-2012-5338 | 20 | | | 2013-09-23 | 2013-09-24 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page. |
436 | CVE-2012-4094 | 119 | | DoS Overflow | 2013-09-24 | 2017-08-29 | 5.4 | None | Remote | High | Not required | None | None | Complete |
Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198. |
437 | CVE-2012-4093 | 20 | | DoS | 2013-09-20 | 2016-09-22 | 4.6 | None | Local | Low | ??? | None | None | Complete |
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. |
438 | CVE-2012-4092 | 20 | | | 2013-09-26 | 2016-09-22 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. |
439 | CVE-2012-4089 | 20 | | Exec Code | 2013-09-24 | 2017-08-29 | 6.6 | None | Local | Medium | ??? | Complete | Complete | Complete |
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239. |
440 | CVE-2012-4088 | 255 | | | 2013-09-26 | 2016-09-22 | 4.3 | None | Local Network | Medium | Not required | Partial | Partial | None |
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. |
441 | CVE-2012-4087 | 20 | | Exec Code | 2013-09-24 | 2017-08-29 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. |
442 | CVE-2012-4086 | 77 | | Exec Code | 2013-09-25 | 2017-08-29 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. |
443 | CVE-2012-4085 | 20 | | | 2013-09-24 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. |
444 | CVE-2012-4083 | 119 | | DoS Overflow Mem. Corr. | 2013-09-20 | 2017-08-29 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751. |
445 | CVE-2012-4082 | 20 | | +Priv | 2013-09-20 | 2017-08-29 | 6.8 | None | Local | Low | ??? | Complete | Complete | Complete |
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. |
446 | CVE-2012-4081 | 119 | | DoS Overflow | 2013-09-20 | 2016-10-31 | 4.6 | None | Local | Low | ??? | None | None | Complete |
MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734. |
447 | CVE-2012-4079 | 20 | | DoS | 2013-09-26 | 2016-09-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206. |
448 | CVE-2012-4078 | 287 | | Bypass | 2013-09-24 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. |
449 | CVE-2012-4074 | 255 | | +Info | 2013-09-20 | 2016-09-23 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. |
450 | CVE-2012-4073 | 310 | | | 2013-09-20 | 2016-09-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332. |