Weekly Vulnerabilities Reports > October 14 to 20, 2013
Overview
161 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 25 vendors including Oracle, SUN, Cisco, IBM, and HP. Vulnerabilities are notably categorized as "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Cryptographic Issues", and "Resource Management Errors".
- 139 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 119 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 109 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 16 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
17 Critical Vulnerabilities
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-10-16 | CVE-2013-5852 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832. | 7.6 |
2013-10-19 | CVE-2013-6129 | Vbulletin | Permissions, Privileges, and Access Controls vulnerability in Vbulletin 4.1/5.0.0 The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013. | 7.5 |
2013-10-16 | CVE-2013-5815 | Oracle | Remote Security vulnerability in Oracle Identity Analytics Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | 7.5 |
2013-10-16 | CVE-2013-5802 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. | 7.5 |
2013-10-16 | CVE-2013-5775 | Oracle | Unspecified vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5777. | 7.5 |
2013-10-16 | CVE-2013-5393 | IBM | Unspecified vulnerability in IBM Websphere Extreme Scale The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. | 7.5 |
2013-10-16 | CVE-2013-4830 | HP | Code Injection vulnerability in HP Service Manager 9.30/9.31/9.32 HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. | 7.5 |
2013-10-16 | CVE-2013-5030 | Ruckuswireless | Permissions, Privileges, and Access Controls vulnerability in Ruckuswireless Zoneflex 2942 and Zoneflex 2942 Firmware Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt. | 7.2 |
115 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-10-16 | CVE-2013-5781 | Oracle | Local SPARC Enterprise T4 Servers vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle SPARC Enterprise T4 Servers running Sun System Firmware before 8.3.0.b allows local users to affect confidentiality, integrity, and availability via vectors related to Sun System Firmware/Integrated Lights Out Manager (ILOM). | 6.9 |
2013-10-19 | CVE-2013-4712 | Iodata | Resource Management Errors vulnerability in Iodata products I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | 6.8 |
2013-10-19 | CVE-2012-4112 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. | 6.8 |
2013-10-17 | CVE-2013-6013 | Juniper | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juniper Junos Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message. | 6.8 |
2013-10-16 | CVE-2013-5835 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Open_UI. | 6.8 |
2013-10-16 | CVE-2013-5822 | Oracle | Remote Security vulnerability in Oracle Ilearning 5.2.1/6.0 Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Learner Administration. | 6.8 |
2013-10-16 | CVE-2013-5540 | Cisco | Resource Management Errors vulnerability in Cisco products The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519. | 6.8 |
2013-10-16 | CVE-2013-5529 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meetings Server The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200. | 6.8 |
2013-10-14 | CVE-2012-4121 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | 6.8 |
2013-10-14 | CVE-2012-4077 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | 6.8 |
2013-10-14 | CVE-2012-4076 | Cisco | Improper Input Validation vulnerability in Cisco Nx-Os Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. | 6.8 |
2013-10-16 | CVE-2013-5813 | Oracle | Remote Security vulnerability in Oracle WebCenter Content Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Server. | 6.4 |
2013-10-16 | CVE-2013-5812 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. | 6.4 |
2013-10-16 | CVE-2013-5804 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. | 6.4 |
2013-10-16 | CVE-2013-5783 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. | 6.4 |
2013-10-16 | CVE-2013-5771 | Oracle | XML Parser Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors. | 6.4 |
2013-10-16 | CVE-2013-3829 | Oracle SUN | Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | 6.4 |
2013-10-16 | CVE-2013-5535 | Cisco | Credentials Management vulnerability in Cisco products The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CSCuj70402 and CSCuj70419. | 6.4 |
2013-10-16 | CVE-2013-5539 | Cisco | Improper Input Validation vulnerability in Cisco products The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511. | 6.0 |
2013-10-19 | CVE-2012-4117 | Cisco | Improper Input Validation vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. | 5.8 |
2013-10-19 | CVE-2012-4114 | Cisco | Cryptographic Issues vulnerability in Cisco Unified Computing System The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. | 5.8 |
2013-10-16 | CVE-2013-5761 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Integration - Scripting. | 5.8 |
2013-10-16 | CVE-2013-3831 | Oracle | SQL Injection vulnerability in Oracle Fusion Middleware 11.1.1.6.0 Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Demos. | 5.5 |
2013-10-16 | CVE-2013-3814 | Oracle | Remote Security vulnerability in Oracle Industry Applications Unspecified vulnerability in the Oracle Retail Invoice Matching component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to System Administration. | 5.5 |
2013-10-16 | CVE-2013-4831 | HP | Unspecified vulnerability in HP Service Manager 9.30/9.31/9.32 HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 5.5 |
2013-10-17 | CVE-2013-0500 | IBM | Improper Input Validation vulnerability in IBM products IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. | 5.4 |
2013-10-16 | CVE-2013-5866 | Oracle | Local Security vulnerability in Oracle Sunos 5.11.1 Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | 5.2 |
2013-10-17 | CVE-2013-4689 | Juniper | Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts. | 5.1 |
2013-10-17 | CVE-2013-2254 | Apache | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Org.Apache.Sling.Servlets.Post 2.2.0/2.3.0 The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java in org.apache.sling.servlets.post.bundle 2.2.0 and 2.3.0 in Apache Sling does not properly handle a NULL value that is returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. | 5.0 |
2013-10-16 | CVE-2013-3279 | EMC | Credentials Management vulnerability in EMC Atmos 2.1.3 EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. | 5.0 |
2013-10-16 | CVE-2013-5867 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via vectors related to SISNAPI & Network Infrastructure. | 5.0 |
2013-10-16 | CVE-2013-5859 | Oracle | Remote Security vulnerability in Oracle Primavera products Suite 8.0.6/8.5 Unspecified vulnerability in the Instantis EnterpriseTrack component in Oracle Primavera Products Suite 8.0.6 and 8.5 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2013-10-16 | CVE-2013-5851 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. | 5.0 |
2013-10-16 | CVE-2013-5848 | Oracle | Unspecified vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. | 5.0 |
2013-10-16 | CVE-2013-5841 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5794. | 5.0 |
2013-10-16 | CVE-2013-5840 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | 5.0 |
2013-10-16 | CVE-2013-5836 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Business Interlink. | 5.0 |
2013-10-16 | CVE-2013-5831 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819. | 5.0 |
2013-10-16 | CVE-2013-5826 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 6.3.0/6.3.1 Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3 and 6.3.1 allows remote attackers to affect availability via unknown vectors related to Install / Installation. | 5.0 |
2013-10-16 | CVE-2013-5825 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. | 5.0 |
2013-10-16 | CVE-2013-5823 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. | 5.0 |
2013-10-16 | CVE-2013-5820 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. | 5.0 |
2013-10-16 | CVE-2013-5819 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831. | 5.0 |
2013-10-16 | CVE-2013-5818 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831. | 5.0 |
2013-10-16 | CVE-2013-5816 | Oracle | Remote Security vulnerability in Oracle GlassFish Server Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro. | 5.0 |
2013-10-16 | CVE-2013-5801 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | 5.0 |
2013-10-16 | CVE-2013-5794 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal, a different vulnerability than CVE-2013-5841. | 5.0 |
2013-10-16 | CVE-2013-5792 | Oracle | Techstack Remote Security vulnerability in Oracle E-Business Suite 12.1 Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache. | 5.0 |
2013-10-16 | CVE-2013-5778 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. | 5.0 |
2013-10-16 | CVE-2013-5776 | Oracle SUN | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. | 5.0 |
2013-10-16 | CVE-2013-5774 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | 5.0 |
2013-10-16 | CVE-2013-5765 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to XML Publisher. | 5.0 |
2013-10-16 | CVE-2013-3841 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Web Services. | 5.0 |
2013-10-16 | CVE-2013-3835 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker. | 5.0 |
2013-10-16 | CVE-2013-3834 | Oracle | Remote Security vulnerability in Oracle Virtualization 5.0 Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv. | 5.0 |
2013-10-16 | CVE-2013-3828 | Oracle | Remote Security vulnerability in Oracle Web Services Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to Test Page. | 5.0 |
2013-10-16 | CVE-2013-3827 | Oracle | Directory Traversal vulnerability in Oracle JavaServer Faces Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. | 5.0 |
2013-10-16 | CVE-2013-3826 | Oracle | Core RDBMS Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2013-10-16 | CVE-2013-5538 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. | 5.0 |
2013-10-16 | CVE-2013-5864 | Oracle SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver. | 4.9 |
2013-10-16 | CVE-2013-5862 | Oracle SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215. | 4.9 |
2013-10-16 | CVE-2013-5807 | Oracle Mariadb Debian Canonical Redhat | Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication. | 4.9 |
2013-10-16 | CVE-2013-5394 | IBM | Improper Input Validation vulnerability in IBM Websphere Extreme Scale The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | 4.9 |
2013-10-19 | CVE-2012-4113 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. | 4.6 |
2013-10-17 | CVE-2013-4370 | XEN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free. | 4.6 |
2013-10-17 | CVE-2013-4371 | XEN | Resource Management Errors vulnerability in XEN Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. | 4.4 |
2013-10-19 | CVE-2013-5702 | Watchguard | Cross-Site Scripting vulnerability in Watchguard Fireware and Watchguard System Manager Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2013-10-19 | CVE-2013-5372 | IBM | Resource Management Errors vulnerability in IBM Websphere Message Broker The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities. | 4.3 |
2013-10-19 | CVE-2012-4116 | Cisco | Information Exposure vulnerability in Cisco Unified Computing System The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. | 4.3 |
2013-10-17 | CVE-2013-6170 | Juniper | Improper Input Validation vulnerability in Juniper Junos Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests. | 4.3 |
2013-10-17 | CVE-2013-6169 | Process ONE | Cryptographic Issues vulnerability in Process-One Ejabberd The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. | 4.3 |
2013-10-17 | CVE-2013-6015 | Juniper | Improper Input Validation vulnerability in Juniper Junos Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. | 4.3 |
2013-10-17 | CVE-2013-4363 | Rubygems Ruby Lang | Cryptographic Issues vulnerability in multiple products Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | 4.3 |
2013-10-17 | CVE-2013-4287 | Redhat Rubygems Ruby Lang | Cryptographic Issues vulnerability in multiple products Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | 4.3 |
2013-10-17 | CVE-2013-5376 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. | 4.3 |
2013-10-17 | CVE-2013-3025 | IBM | Cross-Site Scripting vulnerability in IBM Rational Focal Point Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-10-16 | CVE-2013-5863 | Oracle | Remote Security vulnerability in Oracle Sunos 5.11.1 Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect integrity via vectors related to IPS repository daemon. | 4.3 |
2013-10-16 | CVE-2013-5861 | Oracle | Remote Security vulnerability in Oracle Sunos 5.11.1 Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect availability via vectors related to Kernel/KSSL. | 4.3 |
2013-10-16 | CVE-2013-5849 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. | 4.3 |
2013-10-16 | CVE-2013-5845 | Oracle | Remote Security vulnerability in Oracle Ilearning 5.2.1/6.0 Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Administration. | 4.3 |
2013-10-16 | CVE-2013-5839 | SUN | Remote Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console. | 4.3 |
2013-10-16 | CVE-2013-5828 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Storage Management. | 4.3 |
2013-10-16 | CVE-2013-5827 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management. | 4.3 |
2013-10-16 | CVE-2013-5800 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS. | 4.3 |
2013-10-16 | CVE-2013-5799 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.2 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security. | 4.3 |
2013-10-16 | CVE-2013-5798 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.0/11.1.2.1.0 Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End User Self Service. | 4.3 |
2013-10-16 | CVE-2013-5796 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services. | 4.3 |
2013-10-16 | CVE-2013-5790 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. | 4.3 |
2013-10-16 | CVE-2013-5784 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. | 4.3 |
2013-10-16 | CVE-2013-5780 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | 4.3 |
2013-10-16 | CVE-2013-5773 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5.0 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. | 4.3 |
2013-10-16 | CVE-2013-5766 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to affect integrity via unknown vectors related to DB Performance Advisories/UIs. | 4.3 |
2013-10-16 | CVE-2013-3837 | Oracle SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao. | 4.3 |
2013-10-16 | CVE-2013-3833 | Oracle | Remote Security vulnerability in Oracle Access Manager Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine. | 4.3 |
2013-10-16 | CVE-2013-3762 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2, 12.1.0.3, and 12.1.0.4 allows remote attackers to affect integrity via unknown vectors related to Schema Management. | 4.3 |
2013-10-16 | CVE-2013-4833 | HP | Cross-Site Scripting vulnerability in HP Service Manager 9.30/9.31/9.32 Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-10-15 | CVE-2013-5913 | Oxid Esales | Cross-Site Scripting vulnerability in Oxid-Esales Eshop Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter. | 4.3 |
2013-10-14 | CVE-2012-4099 | Cisco | Improper Input Validation vulnerability in Cisco Nx-Os The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. | 4.3 |
2013-10-14 | CVE-2012-4097 | Cisco | Improper Input Validation vulnerability in Cisco Nx-Os The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. | 4.3 |
2013-10-16 | CVE-2013-5208 | Infohr | Cryptographic Issues vulnerability in Infohr HR Human Resource Information System 7.9 HR Systems Strategies info:HR HRIS 7.9 does not properly protect the database password, which allows local users to bypass intended database restrictions by accessing the USERPW registry key and bypassing an unspecified obfuscation technique. | 4.1 |
2013-10-19 | CVE-2013-6025 | Sybase | Code Injection vulnerability in Sybase Adaptive Server Enterprise 15.7 The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 4.0 |
2013-10-19 | CVE-2013-5534 | Cisco | Path Traversal vulnerability in Cisco Unity Connection Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948. | 4.0 |
2013-10-16 | CVE-2013-5847 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise HRMS eCompensation component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation. | 4.0 |
2013-10-16 | CVE-2013-5786 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5793. | 4.0 |
2013-10-16 | CVE-2013-5779 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via vectors related to PIA Core Technology. | 4.0 |
2013-10-16 | CVE-2013-5769 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1 Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect availability via unknown vectors related to Web Services. | 4.0 |
2013-10-16 | CVE-2013-5768 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to ActiveX Controls. | 4.0 |
2013-10-16 | CVE-2013-5767 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2013-10-16 | CVE-2013-3840 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services. | 4.0 |
2013-10-16 | CVE-2013-3839 | Oracle Mariadb Canonical Redhat Debian | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2013-10-16 | CVE-2013-3838 | Oracle | SPARC Enterprise T & M Series Servers Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle SPARC Enterprise T & M Series Servers running Sun System Firmware before 6.7.13 for SPARC T1, 7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & T4, 9.0.0.d for SPARC T5 and 9.0.1.e for SPARC M5 allows local users to affect availability via unknown vectors related to Sun System Firmware/Hypervisor. | 4.0 |
2013-10-16 | CVE-2013-3832 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Server Remote component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to File System Management. | 4.0 |
2013-10-16 | CVE-2013-3785 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Career's Home. | 4.0 |
2013-10-16 | CVE-2013-3766 | Oracle | Remote Security vulnerability in Oracle Primavera products Suite 8.1/8.2/8.3 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.1, 8.2, and 8.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Access. | 4.0 |
2013-10-16 | CVE-2013-4832 | HP | Information Exposure vulnerability in HP Service Manager 9.30/9.31/9.32 HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.0 |

21 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-10-16 | CVE-2013-3792 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core. | 3.8 |
2013-10-16 | CVE-2013-5857 | Oracle | Remote Security vulnerability in Oracle Industry Applications 4.5/4.6/5.0 Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. | 3.6 |
2013-10-16 | CVE-2013-5856 | Oracle | Remote Security vulnerability in Oracle Industry Applications Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, and 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. | 3.6 |
2013-10-16 | CVE-2013-5811 | Oracle | Remote Security vulnerability in Oracle Industry Applications 4.5/4.6/5.0 Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality via unknown vectors related to Web. | 3.5 |
2013-10-16 | CVE-2013-5797 | SUN Oracle | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | 3.5 |
2013-10-16 | CVE-2013-5793 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786. | 3.5 |
2013-10-16 | CVE-2013-3836 | Oracle | Remote Security vulnerability in Oracle Web Cache Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching. | 3.5 |
2013-10-16 | CVE-2013-5541 | Cisco | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495. | 3.5 |
2013-10-16 | CVE-2013-5390 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Extreme Scale Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-10-16 | CVE-2013-5854 | Oracle | Unspecified vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors. | 2.6 |
2013-10-16 | CVE-2013-5803 | Oracle SUN | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. | 2.6 |
2013-10-16 | CVE-2013-5772 | SUN Oracle | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. | 2.6 |
2013-10-16 | CVE-2013-5762 | Oracle | Local Security vulnerability in Oracle Industry Applications 8.1.1.0 Unspecified vulnerability in the Oracle Siebel CTMS component in Oracle Industry Applications 8.1.1.x allows local users to affect confidentiality and availability via unknown vectors related to SC-OC Integration. | 2.4 |
2013-10-17 | CVE-2013-2190 | Clutter Project Opensuse | Permissions, Privileges, and Access Controls vulnerability in multiple products The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. | 2.1 |
2013-10-16 | CVE-2013-5837 | Oracle | Remote Security vulnerability in Oracle Industry Applications Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos. | 2.1 |
2013-10-16 | CVE-2013-5770 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. | 2.1 |
2013-10-16 | CVE-2013-3842 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM). | 2.1 |
2013-10-17 | CVE-2013-4369 | XEN | NULL pointer Dereference Remote Denial of Service vulnerability in Xen The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration. | 1.9 |
2013-10-17 | CVE-2013-4368 | XEN | Information Exposure vulnerability in XEN The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. | 1.9 |
2013-10-16 | CVE-2013-5865 | Oracle | Local Security vulnerability in Oracle Sunos 5.11.1 Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration. | 1.7 |
2013-10-16 | CVE-2013-5791 | Oracle | Stack Buffer Overflow vulnerability in Oracle Fusion Middleware 8.4/8.4.1 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | 1.5 |