Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2013-4548 The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows r... | N/A | NONE | — | 0 |
| CVE-2013-0537 The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges. | N/A | NONE | — | 0 |
| CVE-2013-3044 The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-... | N/A | NONE | — | 0 |
| CVE-2013-3045 The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. | N/A | NONE | — | 0 |
| CVE-2013-3985 The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setti... | N/A | NONE | — | 0 |
| CVE-2013-0082 Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability." | N/A | NONE | — | 0 |
| CVE-2013-2239 vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel s... | N/A | NONE | — | 0 |
| CVE-2013-4511 Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequent... | N/A | NONE | — | 0 |
| CVE-2013-4512 Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impa... | N/A | NONE | — | 0 |
| CVE-2013-4513 Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impa... | N/A | NONE | — | 0 |
| CVE-2013-4514 Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging... | N/A | NONE | — | 0 |
| CVE-2013-4740 goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-spa... | N/A | NONE | — | 0 |
| CVE-2013-6122 goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly ... | N/A | NONE | — | 0 |
| CVE-2013-6763 The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corrupti... | N/A | NONE | — | 0 |
| CVE-2013-5726 Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform und... | N/A | NONE | — | 0 |
| CVE-2013-6623 The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather tha... | N/A | NONE | — | 0 |
| CVE-2013-1324 Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file... | N/A | NONE | — | 0 |
| CVE-2013-1325 Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerab... | N/A | NONE | — | 0 |
| CVE-2013-2653 security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim. | N/A | NONE | — | 0 |
| CVE-2013-3869 Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT... | N/A | NONE | — | 0 |
| CVE-2013-3887 The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi... | N/A | NONE | — | 0 |
| CVE-2013-3909 Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Int... | N/A | NONE | — | 0 |
| CVE-2013-3910 Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupt... | N/A | NONE | — | 0 |
| CVE-2013-3911 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption... | N/A | NONE | — | 0 |
| CVE-2013-3912 Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | — | 0 |
| CVE-2013-6624 Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values... | N/A | NONE | — | 0 |
| CVE-2013-3916 Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | — | 0 |
| CVE-2013-3917 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | — | 0 |
| CVE-2013-3940 Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, W... | N/A | NONE | — | 0 |
| CVE-2013-6789 security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-... | N/A | NONE | — | 0 |
| CVE-2013-5326 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows... | N/A | NONE | — | 0 |
| CVE-2013-5329 Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210,... | N/A | NONE | — | 0 |
| CVE-2013-5330 Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210,... | N/A | NONE | — | 0 |
| CVE-2013-2931 Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2013-4475 Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictio... | N/A | NONE | — | 0 |
| CVE-2013-4476 Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by... | N/A | NONE | — | 0 |
| CVE-2013-5378 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections... | N/A | NONE | — | 0 |
| CVE-2013-5379 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveragi... | N/A | NONE | — | 0 |
| CVE-2013-5442 Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows... | N/A | NONE | — | 0 |
| CVE-2013-5450 IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly ... | N/A | NONE | — | 0 |
| CVE-2013-5453 IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. | N/A | NONE | — | 0 |
| CVE-2013-5560 The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cau... | N/A | NONE | — | 0 |
| CVE-2013-5568 The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka... | N/A | NONE | — | 0 |
| CVE-2013-5990 Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ic... | N/A | NONE | — | 0 |
| CVE-2013-6357 Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that ... | N/A | NONE | — | 0 |
| CVE-2013-6621 Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-spe... | N/A | NONE | — | 0 |
| CVE-2013-6622 Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to... | N/A | NONE | — | 0 |
| CVE-2013-6780 Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomai... | N/A | NONE | — | 0 |
| CVE-2013-6058 SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | N/A | NONE | — | 0 |
| CVE-2013-6163 Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.