| ID: CVE-2013-6981 |
Title: Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. |
Type: Hardware |
Bulletins:
CVE-2013-6981 SFBID64514 |
Severity: Medium |
| Description: Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | ||||
| Applies to: |
Created: 2013-12-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6979 |
Title: The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source... |
Type: Hardware |
Bulletins:
CVE-2013-6979 SFBID64502 |
Severity: Medium |
| Description: The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. | ||||
| Applies to: |
Created: 2013-12-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6978 |
Title: The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-6978 SFBID64421 |
Severity: Medium |
| Description: The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-12-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4131 |
Title: Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. |
Type: Hardware |
Bulletins:
CVE-2012-4131 |
Severity: Medium |
| Description: Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164. | ||||
| Applies to: |
Created: 2013-12-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4135 |
Title: Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. |
Type: Hardware |
Bulletins:
CVE-2012-4135 |
Severity: Medium |
| Description: Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275. | ||||
| Applies to: |
Created: 2013-12-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4775 |
Title: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware... |
Type: Hardware |
Bulletins:
CVE-2013-4775 |
Severity: High |
| Description: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. | ||||
| Applies to: GS716Tv2 Smart Switch GS724Tv3 Smart Switch GS728TPS Stack Smart Switch GS728TS Stack Smart Switch GS752TPS Stack Smart Switch |
Created: 2013-12-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4776 |
Title: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. |
Type: Hardware |
Bulletins:
CVE-2013-4776 |
Severity: High |
| Description: NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. | ||||
| Applies to: GS716Tv2 Smart Switch GS724Tv3 Smart Switch |
Created: 2013-12-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6271 |
Title: Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class... |
Type: Mobile Devices |
Bulletins:
CVE-2013-6271 |
Severity: High |
| Description: Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. | ||||
| Applies to: |
Created: 2013-12-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6958 |
Title: Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. |
Type: Hardware |
Bulletins:
CVE-2013-6958 |
Severity: High |
| Description: Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. | ||||
| Applies to: |
Created: 2013-12-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6956 |
Title: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web... |
Type: Hardware |
Bulletins:
CVE-2013-6956 |
Severity: Low |
| Description: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| Applies to: |
Created: 2013-12-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-2751 |
Title: Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to... |
Type: Hardware |
Bulletins:
CVE-2013-2751 |
Severity: High |
| Description: Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | ||||
| Applies to: |
Created: 2013-12-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-2752 |
Title: Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. |
Type: Hardware |
Bulletins:
CVE-2013-2752 |
Severity: Medium |
| Description: Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. | ||||
| Applies to: |
Created: 2013-12-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-7030 |
Title: ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential... |
Type: Hardware |
Bulletins:
CVE-2013-7030 |
Severity: Medium |
| Description: ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-12-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6705 |
Title: The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. |
Type: Hardware |
Bulletins:
CVE-2013-6705 |
Severity: Medium |
| Description: The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133. | ||||
| Applies to: |
Created: 2013-12-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6704 |
Title: Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. |
Type: Hardware |
Bulletins:
CVE-2013-6704 |
Severity: High |
| Description: Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686. | ||||
| Applies to: |
Created: 2013-12-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6696 |
Title: Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861. |
Type: Hardware |
Bulletins:
CVE-2013-6696 |
Severity: High |
| Description: Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861. | ||||
| Applies to: |
Created: 2013-12-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6700 |
Title: The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. |
Type: Hardware |
Bulletins:
CVE-2013-6700 |
Severity: Medium |
| Description: The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | ||||
| Applies to: |
Created: 2013-11-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6706 |
Title: The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. |
Type: Hardware |
Bulletins:
CVE-2013-6706 SFBID63979 |
Severity: Medium |
| Description: The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | ||||
| Applies to: |
Created: 2013-11-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6698 |
Title: The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site,... |
Type: Hardware |
Bulletins:
CVE-2013-6698 |
Severity: Medium |
| Description: The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821. | ||||
| Applies to: |
Created: 2013-11-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6694 |
Title: The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. |
Type: Hardware |
Bulletins:
CVE-2013-6694 |
Severity: Medium |
| Description: The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. | ||||
| Applies to: |
Created: 2013-11-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6699 |
Title: The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read,... |
Type: Hardware |
Bulletins:
CVE-2013-6699 |
Severity: Medium |
| Description: The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880. | ||||
| Applies to: |
Created: 2013-11-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6693 |
Title: The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-6693 |
Severity: Medium |
| Description: The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345. | ||||
| Applies to: Cisco 7600 Series Routers |
Created: 2013-11-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6692 |
Title: Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka... |
Type: Hardware |
Bulletins:
CVE-2013-6692 |
Severity: Medium |
| Description: Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. | ||||
| Applies to: |
Created: 2013-11-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6686 |
Title: The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568. |
Type: Hardware |
Bulletins:
CVE-2013-6686 |
Severity: Medium |
| Description: The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568. | ||||
| Applies to: |
Created: 2013-11-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5556 |
Title: The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches... |
Type: Hardware |
Bulletins:
CVE-2013-5556 |
Severity: Medium |
| Description: The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. | ||||
| Applies to: Cisco Nexus 1000V VSM |
Created: 2013-11-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5193 |
Title: The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5193 |
Severity: Medium |
| Description: The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | ||||
| Applies to: |
Created: 2013-11-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6688 |
Title: Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted... |
Type: Hardware |
Bulletins:
CVE-2013-6688 |
Severity: Medium |
| Description: Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-11-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6689 |
Title: Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. |
Type: Hardware |
Bulletins:
CVE-2013-6689 |
Severity: Medium |
| Description: Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-11-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6684 |
Title: The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011. |
Type: Hardware |
Bulletins:
CVE-2013-6684 |
Severity: Medium |
| Description: The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafted HTTP request, aka Bug ID CSCuh81011. | ||||
| Applies to: |
Created: 2013-11-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6683 |
Title: The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. |
Type: Hardware |
Bulletins:
CVE-2013-6683 |
Severity: Medium |
| Description: The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed packets, aka Bug ID CSCtd15904. | ||||
| Applies to: |
Created: 2013-11-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5552 |
Title: Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-5552 |
Severity: Medium |
| Description: Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143. | ||||
| Applies to: |
Created: 2013-11-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5565 |
Title: The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. |
Type: Hardware |
Bulletins:
CVE-2013-5565 |
Severity: Medium |
| Description: The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. | ||||
| Applies to: |
Created: 2013-11-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5553 |
Title: Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383. |
Type: Hardware |
Bulletins:
CVE-2013-5553 |
Severity: High |
| Description: Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383. | ||||
| Applies to: |
Created: 2013-11-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5566 |
Title: Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. |
Type: Hardware |
Bulletins:
CVE-2013-5566 |
Severity: Medium |
| Description: Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874. | ||||
| Applies to: |
Created: 2013-11-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6618 |
Title: jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. |
Type: Hardware |
Bulletins:
CVE-2013-6618 SFBID62305 |
Severity: High |
| Description: jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. | ||||
| Applies to: |
Created: 2013-11-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5546 |
Title: The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component,... |
Type: Hardware |
Bulletins:
CVE-2013-5546 |
Severity: High |
| Description: The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. | ||||
| Applies to: |
Created: 2013-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5545 |
Title: The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. |
Type: Hardware |
Bulletins:
CVE-2013-5545 |
Severity: High |
| Description: The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. | ||||
| Applies to: |
Created: 2013-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5548 |
Title: The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. |
Type: Hardware |
Bulletins:
CVE-2013-5548 |
Severity: Medium |
| Description: The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. | ||||
| Applies to: |
Created: 2013-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5555 |
Title: Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. |
Type: Hardware |
Bulletins:
CVE-2013-5555 |
Severity: Medium |
| Description: Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5547 |
Title: Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. |
Type: Hardware |
Bulletins:
CVE-2013-5547 |
Severity: High |
| Description: Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. | ||||
| Applies to: |
Created: 2013-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5543 |
Title: Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by... |
Type: Hardware |
Bulletins:
CVE-2013-5543 |
Severity: High |
| Description: Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. | ||||
| Applies to: |
Created: 2013-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6012 |
Title: Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote... |
Type: Hardware |
Bulletins:
CVE-2013-6012 SFBID63389 |
Severity: High |
| Description: Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
| Applies to: |
Created: 2013-10-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6014 |
Title: Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when... |
Type: Hardware |
Bulletins:
CVE-2013-6014 |
Severity: Medium |
| Description: Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. | ||||
| Applies to: |
Created: 2013-10-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5549 |
Title: Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6... |
Type: Hardware |
Bulletins:
CVE-2013-5549 |
Severity: High |
| Description: Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380. | ||||
| Applies to: |
Created: 2013-10-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5522 |
Title: Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. |
Type: Hardware |
Bulletins:
CVE-2013-5522 |
Severity: Medium |
| Description: Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | ||||
| Applies to: Cisco Catalyst 3750X |
Created: 2013-10-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5162 |
Title: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5162 |
Severity: Low |
| Description: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | ||||
| Applies to: |
Created: 2013-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5144 |
Title: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5144 |
Severity: Low |
| Description: Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | ||||
| Applies to: |
Created: 2013-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5164 |
Title: Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5164 |
Severity: Low |
| Description: Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. | ||||
| Applies to: |
Created: 2013-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6027 |
Title: Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to... |
Type: Hardware |
Bulletins:
CVE-2013-6027 |
Severity: High |
| Description: Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi. | ||||
| Applies to: DIR-100 |
Created: 2013-10-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6015 |
Title: Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2013-6015 |
Severity: Medium |
| Description: Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. | ||||
| Applies to: |
Created: 2013-10-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6170 |
Title: Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing... |
Type: Hardware |
Bulletins:
CVE-2013-6170 SFBID62973 |
Severity: Medium |
| Description: Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests. | ||||
| Applies to: |
Created: 2013-10-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4689 |
Title: J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site... |
Type: Hardware |
Bulletins:
CVE-2013-4689 SFBID62940 |
Severity: Medium |
| Description: J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts. | ||||
| Applies to: |
Created: 2013-10-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-6013 |
Title: Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might... |
Type: Hardware |
Bulletins:
CVE-2013-6013 SFBID62962 |
Severity: Medium |
| Description: Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message. | ||||
| Applies to: |
Created: 2013-10-17 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4097 |
Title: The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. |
Type: Hardware |
Bulletins:
CVE-2012-4097 |
Severity: Medium |
| Description: The BGP implementation in Cisco NX-OS does not properly filter segment types in AS paths, which allows remote attackers to cause a denial of service (BGP service reset) via a malformed UPDATE message, aka Bug ID CSCtn13043. | ||||
| Applies to: |
Created: 2013-10-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4099 |
Title: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. |
Type: Hardware |
Bulletins:
CVE-2012-4099 |
Severity: Medium |
| Description: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. | ||||
| Applies to: |
Created: 2013-10-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4121 |
Title: Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. |
Type: Hardware |
Bulletins:
CVE-2012-4121 |
Severity: Medium |
| Description: Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. | ||||
| Applies to: |
Created: 2013-10-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4077 |
Title: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. |
Type: Hardware |
Bulletins:
CVE-2012-4077 SFBID62849 |
Severity: Medium |
| Description: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | ||||
| Applies to: |
Created: 2013-10-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4076 |
Title: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. |
Type: Hardware |
Bulletins:
CVE-2012-4076 SFBID62848 |
Severity: Medium |
| Description: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780. | ||||
| Applies to: |
Created: 2013-10-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5499 |
Title: The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822. |
Type: Hardware |
Bulletins:
CVE-2013-5499 |
Severity: Medium |
| Description: The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822. | ||||
| Applies to: |
Created: 2013-10-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5527 |
Title: The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. |
Type: Hardware |
Bulletins:
CVE-2013-5527 SFBID62904 |
Severity: Medium |
| Description: The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. | ||||
| Applies to: |
Created: 2013-10-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5528 |
Title: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-5528 SFBID62960 |
Severity: Medium |
| Description: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-10-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4091 |
Title: The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. |
Type: Hardware |
Bulletins:
CVE-2012-4091 SFBID62838 |
Severity: Medium |
| Description: The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. | ||||
| Applies to: |
Created: 2013-10-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4090 |
Title: The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. |
Type: Hardware |
Bulletins:
CVE-2012-4090 SFBID62841 |
Severity: Medium |
| Description: The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-10-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4122 |
Title: The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. |
Type: Hardware |
Bulletins:
CVE-2012-4122 SFBID62843 |
Severity: Medium |
| Description: The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. | ||||
| Applies to: |
Created: 2013-10-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4098 |
Title: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. |
Type: Hardware |
Bulletins:
CVE-2012-4098 |
Severity: Medium |
| Description: The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. | ||||
| Applies to: |
Created: 2013-10-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4141 |
Title: Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. |
Type: Hardware |
Bulletins:
CVE-2012-4141 SFBID62839 |
Severity: Medium |
| Description: Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. | ||||
| Applies to: |
Created: 2013-10-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-4075 |
Title: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. |
Type: Hardware |
Bulletins:
CVE-2012-4075 SFBID62837 |
Severity: High |
| Description: Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. | ||||
| Applies to: |
Created: 2013-10-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5519 |
Title: Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. |
Type: Hardware |
Bulletins:
CVE-2013-5519 SFBID62787 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. | ||||
| Applies to: |
Created: 2013-10-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5503 |
Title: The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413. |
Type: Hardware |
Bulletins:
CVE-2013-5503 |
Severity: High |
| Description: The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413. | ||||
| Applies to: |
Created: 2013-10-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5516 |
Title: The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka... |
Type: Hardware |
Bulletins:
CVE-2013-5516 |
Severity: Medium |
| Description: The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796. | ||||
| Applies to: Cisco Telepresence Multipoint Switch |
Created: 2013-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5476 |
Title: The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-5476 |
Severity: High |
| Description: The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5477 |
Title: The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. |
Type: Hardware |
Bulletins:
CVE-2013-5477 |
Severity: High |
| Description: The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5498 |
Title: The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. |
Type: Hardware |
Bulletins:
CVE-2013-5498 SFBID62651 |
Severity: Medium |
| Description: The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5481 |
Title: The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. |
Type: Hardware |
Bulletins:
CVE-2013-5481 |
Severity: High |
| Description: The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5472 |
Title: The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2013-5472 |
Severity: High |
| Description: The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5480 |
Title: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. |
Type: Hardware |
Bulletins:
CVE-2013-5480 |
Severity: High |
| Description: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5479 |
Title: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. |
Type: Hardware |
Bulletins:
CVE-2013-5479 |
Severity: High |
| Description: The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5474 |
Title: Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-5474 |
Severity: High |
| Description: Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5160 |
Title: Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5160 |
Severity: Low |
| Description: Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5161 |
Title: Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5161 |
Severity: Medium |
| Description: Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5473 |
Title: Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. |
Type: Hardware |
Bulletins:
CVE-2013-5473 |
Severity: High |
| Description: Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5478 |
Title: Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. |
Type: Hardware |
Bulletins:
CVE-2013-5478 |
Severity: High |
| Description: Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5475 |
Title: Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-5475 |
Severity: High |
| Description: Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. | ||||
| Applies to: |
Created: 2013-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1037 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1037 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1038 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1038 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1039 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1039 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1040 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1040 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1041 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1041 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1042 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1042 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1043 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1043 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1044 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1044 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1045 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1045 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1046 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1046 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1047 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1047 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5125 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5125 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5126 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5126 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5127 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5127 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5128 |
Title: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5128 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5159 |
Title: WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5159 |
Severity: Medium |
| Description: WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5157 |
Title: The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5157 |
Severity: Medium |
| Description: The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5156 |
Title: The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5156 |
Severity: Medium |
| Description: The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5158 |
Title: The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5158 |
Severity: Low |
| Description: The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5154 |
Title: The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5154 |
Severity: Medium |
| Description: The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5155 |
Title: The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5155 |
Severity: High |
| Description: The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1121 |
Title: The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. |
Type: Hardware |
Bulletins:
CVE-2013-1121 |
Severity: Medium |
| Description: The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5149 |
Title: The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5149 |
Severity: Medium |
| Description: The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5141 |
Title: The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5141 |
Severity: High |
| Description: The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5142 |
Title: The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5142 |
Severity: Medium |
| Description: The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5140 |
Title: The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5140 |
Severity: High |
| Description: The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2011-2391 |
Title: The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. |
Type: Mobile Devices |
Bulletins:
CVE-2011-2391 |
Severity: Medium |
| Description: The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5139 |
Title: The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5139 |
Severity: High |
| Description: The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5150 |
Title: The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5150 |
Severity: Low |
| Description: The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5153 |
Title: Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5153 |
Severity: Low |
| Description: Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1036 |
Title: Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1036 |
Severity: Medium |
| Description: Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5147 |
Title: Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of... |
Type: Mobile Devices |
Bulletins:
CVE-2013-5147 |
Severity: Low |
| Description: Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5129 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5129 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5151 |
Title: Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5151 |
Severity: Medium |
| Description: Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5152 |
Title: Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5152 |
Severity: Medium |
| Description: Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5145 |
Title: kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5145 |
Severity: Medium |
| Description: kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5137 |
Title: IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5137 |
Severity: Low |
| Description: IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5138 |
Title: IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5138 |
Severity: Medium |
| Description: IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0957 |
Title: Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. |
Type: Mobile Devices |
Bulletins:
CVE-2013-0957 |
Severity: Medium |
| Description: Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5131 |
Title: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
Type: Mobile Devices |
Bulletins:
CVE-2013-5131 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| Applies to: |
Created: 2013-09-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1028 |
Title: The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1028 |
Severity: Medium |
| Description: The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | ||||
| Applies to: |
Created: 2013-09-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5496 |
Title: Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. |
Type: Hardware |
Bulletins:
CVE-2013-5496 |
Severity: Medium |
| Description: Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. | ||||
| Applies to: |
Created: 2013-09-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1026 |
Title: Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1026 |
Severity: Medium |
| Description: Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | ||||
| Applies to: |
Created: 2013-09-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1025 |
Title: Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1025 |
Severity: Medium |
| Description: Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. | ||||
| Applies to: |
Created: 2013-09-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5649 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary... |
Type: Hardware |
Bulletins:
CVE-2013-5649 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page. | ||||
| Applies to: |
Created: 2013-09-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3458 |
Title: Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2013-3458 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large volume of (1) SSL or (2) TLS traffic, aka Bug ID CSCuh19462. | ||||
| Applies to: |
Created: 2013-09-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3474 |
Title: The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or... |
Type: Hardware |
Bulletins:
CVE-2013-3474 SFBID62084 |
Severity: Medium |
| Description: The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436. | ||||
| Applies to: |
Created: 2013-08-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-5469 |
Title: The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN... |
Type: Hardware |
Bulletins:
CVE-2013-5469 SFBID62083 |
Severity: High |
| Description: The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399. | ||||
| Applies to: |
Created: 2013-08-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3470 |
Title: The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. |
Type: Hardware |
Bulletins:
CVE-2013-3470 SFBID62066 |
Severity: Medium |
| Description: The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | ||||
| Applies to: |
Created: 2013-08-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3463 |
Title: The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use... |
Type: Hardware |
Bulletins:
CVE-2013-3463 SFBID62068 |
Severity: Medium |
| Description: The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899. | ||||
| Applies to: |
Created: 2013-08-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3472 |
Title: Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications,... |
Type: Hardware |
Bulletins:
CVE-2013-3472 |
Severity: Medium |
| Description: Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3460 |
Title: Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka... |
Type: Hardware |
Bulletins:
CVE-2013-3460 |
Severity: High |
| Description: Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3461 |
Title: Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption,... |
Type: Hardware |
Bulletins:
CVE-2013-3461 |
Severity: High |
| Description: Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3459 |
Title: Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. |
Type: Hardware |
Bulletins:
CVE-2013-3459 |
Severity: High |
| Description: Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3462 |
Title: Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified... |
Type: Hardware |
Bulletins:
CVE-2013-3462 |
Severity: High |
| Description: Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3453 |
Title: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP... |
Type: Hardware |
Bulletins:
CVE-2013-3453 |
Severity: High |
| Description: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3464 |
Title: Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C... |
Type: Hardware |
Bulletins:
CVE-2013-3464 |
Severity: Medium |
| Description: Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347. | ||||
| Applies to: |
Created: 2013-08-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4806 |
Title: The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link... |
Type: Hardware |
Bulletins:
CVE-2013-4806 |
Severity: High |
| Description: The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | ||||
| Applies to: ... 3Com Router 3012 3Com Router 3013 3Com Router 5012 3Com Router 5232 3Com Router 5642 3Com Router 5682 3Com Switch 5500-SI 24-Port 3Com Switch 5500G-48P-SI 3Com Switch 5500G-EI 24-Port 3Com Switch 5500G-EI 48-Port hh3c-s5600-26C |
Created: 2013-08-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3454 |
Title: Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the... |
Type: Hardware |
Bulletins:
CVE-2013-3454 |
Severity: High |
| Description: Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | ||||
| Applies to: Cisco TX 9000 Cisco TX 9200 Cisco TelePresence System 1300 Cisco TelePresence System 3000 Cisco TelePresence System 3010 Cisco TelePresence System 3200 Cisco TelePresence System 3210 |
Created: 2013-08-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3442 |
Title: The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. |
Type: Hardware |
Bulletins:
CVE-2013-3442 |
Severity: Medium |
| Description: The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3451 |
Title: Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2013-3451 |
Severity: Medium |
| Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3450 |
Title: Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. |
Type: Hardware |
Bulletins:
CVE-2013-3450 |
Severity: Medium |
| Description: Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-08-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5460 |
Title: Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText... |
Type: Hardware |
Bulletins:
CVE-2012-5460 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. | ||||
| Applies to: |
Created: 2013-08-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3414 |
Title: Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. |
Type: Hardware |
Bulletins:
CVE-2013-3414 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. | ||||
| Applies to: |
Created: 2013-07-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3436 |
Title: The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy... |
Type: Hardware |
Bulletins:
CVE-2013-3436 SFBID61362 |
Severity: Medium |
| Description: The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. | ||||
| Applies to: |
Created: 2013-07-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3433 |
Title: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka... |
Type: Hardware |
Bulletins:
CVE-2013-3433 SFBID61297 |
Severity: Medium |
| Description: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3434 |
Title: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka... |
Type: Hardware |
Bulletins:
CVE-2013-3434 SFBID61296 |
Severity: Medium |
| Description: Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3412 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. |
Type: Hardware |
Bulletins:
CVE-2013-3412 |
Severity: Medium |
| Description: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3404 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging... |
Type: Hardware |
Bulletins:
CVE-2013-3404 |
Severity: High |
| Description: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3403 |
Title: Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged... |
Type: Hardware |
Bulletins:
CVE-2013-3403 |
Severity: Medium |
| Description: Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3402 |
Title: An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. |
Type: Hardware |
Bulletins:
CVE-2013-3402 |
Severity: Medium |
| Description: An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-07-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4686 |
Title: The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and... |
Type: Hardware |
Bulletins:
CVE-2013-4686 SFBID61126 |
Severity: High |
| Description: The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1 before 12.1R6, 12.1X44 before 12.1X44-D20, 12.2 before 12.2R4, and 12.3 before 12.3R2, in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings, allows remote attackers to cause a denial of service (device crash) via a crafted ARP request, aka PR 842091. | ||||
| Applies to: |
Created: 2013-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4690 |
Title: Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of... |
Type: Hardware |
Bulletins:
CVE-2013-4690 SFBID61123 |
Severity: Medium |
| Description: Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data, aka PR 829536, a related issue to CVE-2003-0001. | ||||
| Applies to: Juniper SRX1400 Juniper SRX3400 Juniper SRX3600 |
Created: 2013-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4684 |
Title: flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM... |
Type: Hardware |
Bulletins:
CVE-2013-4684 SFBID61127 |
Severity: High |
| Description: flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253. | ||||
| Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4687 |
Title: flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via... |
Type: Hardware |
Bulletins:
CVE-2013-4687 SFBID61122 |
Severity: High |
| Description: flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593. | ||||
| Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4688 |
Title: flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. |
Type: Hardware |
Bulletins:
CVE-2013-4688 SFBID61124 |
Severity: High |
| Description: flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. | ||||
| Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4685 |
Title: Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute... |
Type: Hardware |
Bulletins:
CVE-2013-4685 SFBID61125 |
Severity: High |
| Description: Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100. | ||||
| Applies to: Juniper SRX100 Juniper SRX110 Juniper SRX1400 Juniper SRX210 Juniper SRX220 Juniper SRX240 Juniper SRX3400 Juniper SRX3600 Juniper SRX550 Juniper SRX5600 Juniper SRX5800 Juniper SRX650 |
Created: 2013-07-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3400 |
Title: The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. |
Type: Hardware |
Bulletins:
CVE-2013-3400 |
Severity: Medium |
| Description: The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | ||||
| Applies to: Cisco Nexus 1000V VSM |
Created: 2013-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4787 |
Title: Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does... |
Type: Mobile Devices |
Bulletins:
CVE-2013-4787 SFBID60952 |
Severity: High |
| Description: Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability. | ||||
| Applies to: |
Created: 2013-07-09 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-2341 |
Title: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to... |
Type: Hardware |
Bulletins:
CVE-2013-2341 |
Severity: High |
| Description: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors. | ||||
| Applies to: 3Com Router 3012 3Com Router 3013 3Com Router 3016 3Com Router 3036 3Com Router 3040 3Com Router 3041 3Com Router 5009 3Com Router 5012 3Com Router 5231 3Com Router 5232 3Com Router 5640 3Com Router 5642 3Com Router... |
Created: 2013-07-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-2340 |
Title: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute... |
Type: Hardware |
Bulletins:
CVE-2013-2340 |
Severity: High |
| Description: Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors. | ||||
| Applies to: 3Com Router 3012 3Com Router 3013 3Com Router 3016 3Com Router 3036 3Com Router 3040 3Com Router 3041 3Com Router 5009 3Com Router 5012 3Com Router 5231 3Com Router 5232 3Com Router 5640 3Com Router 5642 3Com Router... |
Created: 2013-07-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3382 |
Title: The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device... |
Type: Hardware |
Bulletins:
CVE-2013-3382 |
Severity: High |
| Description: The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387. | ||||
| Applies to: |
Created: 2013-06-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3397 |
Title: Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified... |
Type: Hardware |
Bulletins:
CVE-2013-3397 |
Severity: Medium |
| Description: Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-06-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3377 |
Title: Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. |
Type: Hardware |
Bulletins:
CVE-2013-3377 |
Severity: High |
| Description: Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. | ||||
| Applies to: Cisco Codec C40 Cisco Codec C60 Cisco Codec C90 Cisco Codec EX60 Cisco Codec EX90 |
Created: 2013-06-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-4616 |
Title: The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier... |
Type: Mobile Devices |
Bulletins:
CVE-2013-4616 |
Severity: Medium |
| Description: The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. | ||||
| Applies to: |
Created: 2013-06-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3954 |
Title: The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3954 |
Severity: Medium |
| Description: The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | ||||
| Applies to: |
Created: 2013-06-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3953 |
Title: The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3953 |
Severity: Medium |
| Description: The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | ||||
| Applies to: |
Created: 2013-06-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3950 |
Title: Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3950 |
Severity: Medium |
| Description: Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | ||||
| Applies to: |
Created: 2013-06-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-3948 |
Title: Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary... |
Type: Mobile Devices |
Bulletins:
CVE-2013-3948 |
Severity: Medium |
| Description: Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. | ||||
| Applies to: |
Created: 2013-06-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1212 |
Title: The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication,... |
Type: Hardware |
Bulletins:
CVE-2013-1212 |
Severity: Medium |
| Description: The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. | ||||
| Applies to: Cisco Nexus 1000V VSM |
Created: 2013-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1209 |
Title: The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable... |
Type: Hardware |
Bulletins:
CVE-2013-1209 |
Severity: Medium |
| Description: The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. | ||||
| Applies to: |
Created: 2013-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1208 |
Title: The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by... |
Type: Hardware |
Bulletins:
CVE-2013-1208 |
Severity: Medium |
| Description: The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691. | ||||
| Applies to: |
Created: 2013-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1211 |
Title: Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a... |
Type: Hardware |
Bulletins:
CVE-2013-1211 |
Severity: Medium |
| Description: Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. | ||||
| Applies to: |
Created: 2013-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1213 |
Title: Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability... |
Type: Hardware |
Bulletins:
CVE-2013-1213 |
Severity: Medium |
| Description: Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840. | ||||
| Applies to: Cisco Nexus 1000V VSM |
Created: 2013-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1210 |
Title: Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by... |
Type: Hardware |
Bulletins:
CVE-2013-1210 |
Severity: Medium |
| Description: Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825. | ||||
| Applies to: |
Created: 2013-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1019 |
Title: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
Type: Mobile Devices |
Bulletins:
CVE-2013-1019 |
Severity: High |
| Description: Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | ||||
| Applies to: |
Created: 2013-05-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1204 |
Title: Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. |
Type: Hardware |
Bulletins:
CVE-2013-1204 |
Severity: Medium |
| Description: Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. | ||||
| Applies to: |
Created: 2013-05-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-2842 |
Title: Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. |
Type: Mobile Devices |
Bulletins:
CVE-2013-2842 |
Severity: High |
| Description: Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. | ||||
| Applies to: |
Created: 2013-05-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1004 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1004 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1005 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1005 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0999 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0999 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1000 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1000 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1001 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1001 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1002 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1002 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1003 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1003 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1006 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1006 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1007 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1007 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1008 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1008 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1010 |
Title: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2013-1010 |
Severity: High |
| Description: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | ||||
| Applies to: |
Created: 2013-05-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1188 |
Title: Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. |
Type: Hardware |
Bulletins:
CVE-2013-1188 |
Severity: Medium |
| Description: Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-05-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1136 |
Title: The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then... |
Type: Hardware |
Bulletins:
CVE-2013-1136 |
Severity: Medium |
| Description: The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. | ||||
| Applies to: |
Created: 2013-05-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1234 |
Title: The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. |
Type: Hardware |
Bulletins:
CVE-2013-1234 |
Severity: Medium |
| Description: The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. | ||||
| Applies to: |
Created: 2013-05-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1240 |
Title: The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. |
Type: Hardware |
Bulletins:
CVE-2013-1240 |
Severity: Medium |
| Description: The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-05-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1235 |
Title: Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly... |
Type: Hardware |
Bulletins:
CVE-2013-1235 |
Severity: Medium |
| Description: Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2013-05-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1226 |
Title: The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. |
Type: Hardware |
Bulletins:
CVE-2013-1226 |
Severity: Medium |
| Description: The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-04-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1216 |
Title: Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. |
Type: Hardware |
Bulletins:
CVE-2013-1216 |
Severity: Medium |
| Description: Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. | ||||
| Applies to: |
Created: 2013-04-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1215 |
Title: The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. |
Type: Hardware |
Bulletins:
CVE-2013-1215 |
Severity: Medium |
| Description: The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2013-04-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1192 |
Title: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp... |
Type: Hardware |
Bulletins:
CVE-2013-1192 |
Severity: High |
| Description: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802. | ||||
| Applies to: Cisco Nexus 5000 Series Cisco Nexus 5010 Cisco Nexus 5020 Cisco Nexus 5020p Cisco Nexus 5548p Cisco Nexus 5548up Cisco Nexus 5596UP Cisco Nexus C5010P-BF |
Created: 2013-04-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1178 |
Title: Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices... |
Type: Hardware |
Bulletins:
CVE-2013-1178 |
Severity: High |
| Description: Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. | ||||
| Applies to: Cisco Nexus 1000V VSM Cisco Nexus 5000 Series Cisco Nexus 5010 Cisco Nexus 5020 Cisco Nexus 5548p Cisco Nexus 5548up Cisco Nexus 5596UP Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-04-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1179 |
Title: Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to... |
Type: Hardware |
Bulletins:
CVE-2013-1179 |
Severity: High |
| Description: Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-04-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1181 |
Title: Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by... |
Type: Hardware |
Bulletins:
CVE-2013-1181 |
Severity: High |
| Description: Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389. | ||||
| Applies to: Cisco Nexus 5548p Cisco Nexus 5548up Cisco Nexus 5596UP |
Created: 2013-04-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1180 |
Title: Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted... |
Type: Hardware |
Bulletins:
CVE-2013-1180 |
Severity: High |
| Description: Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-04-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1217 |
Title: The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. |
Type: Hardware |
Bulletins:
CVE-2013-1217 |
Severity: Medium |
| Description: The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. | ||||
| Applies to: |
Created: 2013-04-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1194 |
Title: The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via... |
Type: Hardware |
Bulletins:
CVE-2013-1194 |
Severity: Medium |
| Description: The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708. | ||||
| Applies to: |
Created: 2013-04-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1199 |
Title: Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing... |
Type: Hardware |
Bulletins:
CVE-2013-1199 |
Severity: Medium |
| Description: Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996. | ||||
| Applies to: |
Created: 2013-04-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5415 |
Title: Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for... |
Type: Hardware |
Bulletins:
CVE-2012-5415 |
Severity: Medium |
| Description: Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2013-04-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1150 |
Title: The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before... |
Type: Hardware |
Bulletins:
CVE-2013-1150 |
Severity: High |
| Description: The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590. | ||||
| Applies to: |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-2779 |
Title: Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a... |
Type: Hardware |
Bulletins:
CVE-2013-2779 |
Severity: High |
| Description: Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 MVPN (aka MVPNv6) packets, aka Bug ID CSCub34945, a different vulnerability than CVE-2013-1164. | ||||
| Applies to: |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1164 |
Title: Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card... |
Type: Hardware |
Bulletins:
CVE-2013-1164 |
Severity: High |
| Description: Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a denial of service (card reload) via fragmented IPv6 multicast packets, aka Bug ID CSCtz97563. | ||||
| Applies to: |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1166 |
Title: Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by... |
Type: Hardware |
Bulletins:
CVE-2013-1166 |
Severity: High |
| Description: Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR), when VRF-aware NAT and SIP ALG are enabled, allows remote attackers to cause a denial of service (card reload) by sending many SIP packets, aka Bug ID CSCuc65609. | ||||
| Applies to: |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1167 |
Title: Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not... |
Type: Hardware |
Bulletins:
CVE-2013-1167 |
Severity: High |
| Description: Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. | ||||
| Applies to: |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1165 |
Title: Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. |
Type: Hardware |
Bulletins:
CVE-2013-1165 |
Severity: High |
| Description: Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. | ||||
| Applies to: |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1152 |
Title: Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080. |
Type: Hardware |
Bulletins:
CVE-2013-1152 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080. | ||||
| Applies to: |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1149 |
Title: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall... |
Type: Hardware |
Bulletins:
CVE-2013-1149 |
Severity: High |
| Description: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attackers to cause a denial of service (device reload) via a crafted IKEv1 message, aka Bug IDs CSCub85692 and CSCud20267. | ||||
| Applies to: Cisco ASA 5500 Adaptive Security Appliance |
Created: 2013-04-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1146 |
Title: The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. |
Type: Hardware |
Bulletins:
CVE-2013-1146 |
Severity: High |
| Description: The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in Smart Install packets, aka Bug ID CSCub55790. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1143 |
Title: The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect... |
Type: Hardware |
Bulletins:
CVE-2013-1143 |
Severity: High |
| Description: The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S, when MPLS-TE is enabled, allows remote attackers to cause a denial of service (incorrect memory access and device reload) via a traffic engineering PATH message in an RSVP packet, aka Bug ID CSCtg39957. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1147 |
Title: The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote... |
Type: Hardware |
Bulletins:
CVE-2013-1147 |
Severity: High |
| Description: The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, when one-step port-23 translation or a Telnet-to-PAD ruleset is configured, does not properly validate TCP connection information, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a PT resource, aka Bug ID CSCtz35999. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1148 |
Title: The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2013-1148 |
Severity: High |
| Description: The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device reload) via crafted (1) IPv4 or (2) IPv6 IP SLA packets on UDP port 1167, aka Bug ID CSCuc72594. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1142 |
Title: Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745. |
Type: Hardware |
Bulletins:
CVE-2013-1142 |
Severity: High |
| Description: Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 allows remote attackers to cause a denial of service (memory consumption) via IPv4 packets, aka Bug IDs CSCtg47129 and CSCtz96745. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1144 |
Title: Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055. |
Type: Hardware |
Bulletins:
CVE-2013-1144 |
Severity: High |
| Description: Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified (1) IPv4 or (2) IPv6 IKE packets, aka Bug ID CSCth81055. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1145 |
Title: Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP... |
Type: Hardware |
Bulletins:
CVE-2013-1145 |
Severity: High |
| Description: Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application layer gateway inspection is enabled, allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed SIP messages, aka Bug ID CSCtl99174. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5216 |
Title: Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of... |
Type: Hardware |
Bulletins:
CVE-2012-5216 |
Severity: Medium |
| Description: Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| Applies to: |
Created: 2013-03-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1162 |
Title: The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. |
Type: Hardware |
Bulletins:
CVE-2013-1162 |
Severity: Medium |
| Description: The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. | ||||
| Applies to: |
Created: 2013-03-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0980 |
Title: The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0980 |
Severity: Low |
| Description: The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | ||||
| Applies to: |
Created: 2013-03-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0979 |
Title: lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0979 |
Severity: Low |
| Description: lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | ||||
| Applies to: |
Created: 2013-03-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1141 |
Title: The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS... |
Type: Hardware |
Bulletins:
CVE-2013-1141 |
Severity: Medium |
| Description: The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153. | ||||
| Applies to: |
Created: 2013-02-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1134 |
Title: The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct... |
Type: Hardware |
Bulletins:
CVE-2013-1134 |
Severity: High |
| Description: The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-02-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1133 |
Title: Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused... |
Type: Hardware |
Bulletins:
CVE-2013-1133 |
Severity: High |
| Description: Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337. | ||||
| Applies to: Unified Communications Manager |
Created: 2013-02-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1138 |
Title: The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. |
Type: Hardware |
Bulletins:
CVE-2013-1138 |
Severity: Medium |
| Description: The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386. | ||||
| Applies to: |
Created: 2013-02-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0120 |
Title: The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. |
Type: Hardware |
Bulletins:
CVE-2013-0120 |
Severity: High |
| Description: The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. | ||||
| Applies to: PowerConnect 6248P |
Created: 2013-02-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0879 |
Title: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0879 |
Severity: High |
| Description: Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
| Applies to: |
Created: 2013-02-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1100 |
Title: The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. |
Type: Hardware |
Bulletins:
CVE-2013-1100 |
Severity: Medium |
| Description: The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. | ||||
| Applies to: |
Created: 2013-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1122 |
Title: Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. |
Type: Hardware |
Bulletins:
CVE-2013-1122 |
Severity: Medium |
| Description: Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. | ||||
| Applies to: Cisco Nexus 7000 |
Created: 2013-02-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2011-5262 |
Title: SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
Type: Hardware |
Bulletins:
CVE-2011-5262 SFBID50702 |
Severity: High |
| Description: SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | ||||
| Applies to: SonicWall SSL-VPN 6000 SonicWall SSL-VPN 7000 SonicWall SSL-VPN 9000 |
Created: 2013-02-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2011-1350 |
Title: The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. |
Type: Mobile Devices |
Bulletins:
CVE-2011-1350 |
Severity: High |
| Description: The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. | ||||
| Applies to: |
Created: 2013-02-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2011-1352 |
Title: The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. |
Type: Mobile Devices |
Bulletins:
CVE-2011-1352 |
Severity: Medium |
| Description: The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. | ||||
| Applies to: |
Created: 2013-02-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0948 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0948 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0949 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0949 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0950 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0950 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0951 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0951 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0952 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0952 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0953 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0953 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0954 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0954 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0955 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0955 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0956 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0956 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0958 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0958 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0959 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0959 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0968 |
Title: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0968 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0974 |
Title: StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0974 |
Severity: Medium |
| Description: StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0963 |
Title: Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an... |
Type: Mobile Devices |
Bulletins:
CVE-2013-0963 |
Severity: Low |
| Description: Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-0962 |
Title: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. |
Type: Mobile Devices |
Bulletins:
CVE-2013-0962 |
Severity: Low |
| Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. | ||||
| Applies to: |
Created: 2013-01-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1102 |
Title: The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2013-1102 SFBID57524 |
Severity: High |
| Description: The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2013-01-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1104 |
Title: The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. |
Type: Hardware |
Bulletins:
CVE-2013-1104 SFBID57524 |
Severity: High |
| Description: The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2013-01-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1105 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device... |
Type: Hardware |
Bulletins:
CVE-2013-1105 SFBID57524 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 |
Created: 2013-01-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-1103 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. |
Type: Hardware |
Bulletins:
CVE-2013-1103 SFBID57524 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. | ||||
| Applies to: Cisco WLC 2000 Cisco WLC 2100 Cisco WLC 4100 Cisco WLC 4400 |
Created: 2013-01-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-6396 |
Title: Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces... |
Type: Hardware |
Bulletins:
CVE-2012-6396 |
Severity: Medium |
| Description: Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300. | ||||
| Applies to: Cisco Nexus 7000 Cisco Nexus 7000-9slot Cisco Nexus 7010 Cisco Nexus 7018 |
Created: 2013-01-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-5717 |
Title: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2012-5717 |
Severity: Medium |
| Description: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. | ||||
| Applies to: |
Created: 2013-01-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2012-6395 |
Title: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors,... |
Type: Hardware |
Bulletins:
CVE-2012-6395 |
Severity: Medium |
| Description: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775. | ||||
| Applies to: |
Created: 2013-01-18 |
Updated: 2025-10-08 |
||
