
4425 matches found

NVD
added 2013/11/18 3:55 a.m. | 18 views

CVE-2013-4843

Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors...

CVSS 6.8 | AI score 5.7 | EPSS 0.01825
Exploits: 0 | References: 1

Prion
added 2013/11/18 3:55 a.m. | 18 views

Directory traversal

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.11 and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222...

CVSS 6.3 | AI score 6.7 | EPSS 0.02127
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2013/11/16 3:00 p.m. | 32 views

CVE-2013-5418

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

AI score 5 | EPSS 0.01449
Exploits: 0 | References: 4

Cvelist
added 2013/11/16 2:00 a.m. | 16 views

CVE-2013-3406

The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687...

AI score 6.2 | EPSS 0.01128
Exploits: 0 | References: 2

CVE
added 2013/11/16 2:00 a.m. | 95 views

CVE-2013-4843

HP Integrated Lights-Out 4 (iLO4) vulnerability CVE-2013-4843 affects firmware before 1.32. Remote authenticated users may disclose sensitive information via unknown vectors over the network; impact is information disclosure with no confidentiality/integrity changes stated. HP's security bulletin...

CVSS 6.8 | AI score 5.8 | EPSS 0.01825
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2013/11/16 2:00 a.m. | 37 views

CVE-2013-3406

The CVE-2013-3406 issue affects Cisco Services Portal’s Cisco Intelligent Automation for Cloud component (9.4(1)). The vulnerability, tracked as Bug CSCug65687, allows remote authenticated users to read arbitrary files via crafted requests due to insufficient server-side input validation in the "...

CVSS 6.8 | AI score 6.4 | EPSS 0.01128
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2013/11/09 1:55 a.m. | 15 views

Code injection

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges...

CVSS 3.5 | AI score 6.5 | EPSS 0.00772
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2013/11/09 1:00 a.m. | 49 views

CVE-2013-3045

IBM Lotus Sametime Enterprise Meeting Server versions 8.5.2 and 8.5.2.1 are described as vulnerable to remote-authenticated users who can share crafted links via the Library function. The available documents identify the affected product and feature but do not disclose the underlying root cause d...

CVSS 3.5 | AI score 6.2 | EPSS 0.00772
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2013/11/08 2:00 a.m. | 62 views

CVE-2013-4050

IBM Domino Web Administrator (webadmin.nsf) on Domino 8.5.x and 9.0.x is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote authenticated user to hijack the authentication of unspecified victims via unknown vectors. The initial sources do not provide a concrete exp...

CVSS 6 | AI score 6.7 | EPSS 0.00661
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2013/11/08 2:00 a.m. | 59 views

CVE-2013-4987

CVE-2013-4987 affects PineApp Mail-SeCure pre-3.70. It is a local privilege-escalation via an access-control failure: a non-privileged user can obtain a root shell by sending a crafted command in the Mail-SeCure console (example: pa_cli system ping /bin/sh). Root access is achieved locally; all v...

CVSS 8.5 | AI score 6.5 | EPSS 0.02992
Exploits: 6 | References: 1 | Affected Software: 1

RedHat Linux
added 2013/11/07 4:46 p.m. | 1 view

OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc...

CVSS 3.5 | AI score 6.8 | EPSS 0.02633
Exploits: 0 | References: 5

NVD
added 2013/11/05 6:55 p.m. | 21 views

CVE-2013-4439

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key...

CVSS 4.9 | AI score 6.2 | EPSS 0.01473
Exploits: 0 | References: 3

PyPA
added 2013/11/05 6:55 p.m. | 4 views

PYSEC-2013-12

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

CVSS 6 | AI score 7.3 | EPSS 0.01515
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2013/11/05 6:55 p.m. | 20 views

CVE-2013-4435

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

CVSS 6 | AI score 5.9 | EPSS 0.01515
Exploits: 0 | References: 4

Cvelist
added 2013/11/05 6:00 p.m. | 27 views

CVE-2013-4439

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key...

AI score 6.1 | EPSS 0.01473
Exploits: 0 | References: 3

CVE
added 2013/11/05 6:00 p.m. | 51 views

CVE-2013-4435

Salt (SaltStack) CVE-2013-4435 affects versions 0.15.0–0.17.0 where remote authenticated users with external authentication or client ACLs can embed a routine inside another to execute restricted routines. The vulnerability stems from insufficient access control/argument handling in multiple modu...

CVSS 6 | AI score 6.7 | EPSS 0.01515
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2013/11/05 6:00 p.m. | 68 views

CVE-2013-4439

Salt (SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Affected versions: up to 0.17.0. Impact: impersonation by an authenticated minion. Remediation: upgrade to 0.17.1 or later (e.g., Fedora adviso...

CVSS 4.9 | AI score 6.2 | EPSS 0.01473
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2013/11/02 7:55 p.m. | 33 views

CVE-2013-3285

The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources...

CVSS 3.5 | AI score 6.3 | EPSS 0.00998
Exploits: 0 | References: 4

Prion
added 2013/11/02 7:55 p.m. | 14 views

Authentication flaw

The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources...

CVSS 3.5 | AI score 6.8 | EPSS 0.00998
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2013/10/29 10:55 p.m. | 2 views

DEBIAN-CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of...

CVSS 4 | AI score 6.5 | EPSS 0.02087
Exploits: 1 | References: 1