Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4033 | 1 Ibm | 2 Db2, Db2 Connect | 2017-08-29 | 4.6 MEDIUM | N/A |
| IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | |||||
| CVE-2013-4027 | 1 Ibm | 1 Maximo Asset Management | 2017-08-29 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2013-4025 | 1 Ibm | 4 Data Studio Web Console, Db2 Recovery Expert, Infosphere Optim Configuration Manager and 1 more | 2017-08-29 | 1.9 LOW | N/A |
| IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2013-4012 | 1 Ibm | 2 Content Template Catalog, Websphere Portal | 2017-08-29 | 4.9 MEDIUM | N/A |
| IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2013-3993 | 1 Ibm | 1 Infosphere Biginsights | 2017-08-29 | 3.5 LOW | N/A |
| IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | |||||
| CVE-2013-3985 | 1 Ibm | 1 Lotus Sametime | 2017-08-29 | 2.9 LOW | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable. | |||||
| CVE-2013-3981 | 1 Ibm | 1 Sametime | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. | |||||
| CVE-2013-3978 | 1 Ibm | 1 Sametime | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2013-3976 | 1 Ibm | 4 Data Protection, Flashcopy Manager, Tivoli Storage Flashcopy Manager and 1 more | 2017-08-29 | 2.1 LOW | N/A |
| The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore. | |||||
| CVE-2013-3971 | 1 Ibm | 1 Maximo Asset Management | 2017-08-29 | 4.0 MEDIUM | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049. | |||||
| CVE-2013-3692 | 1 Blackberry | 2 Blackberry Os, Z10 | 2017-08-29 | 6.2 MEDIUM | N/A |
| BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application. | |||||
| CVE-2013-3425 | 1 Cisco | 1 Webex | 2017-08-29 | 4.0 MEDIUM | N/A |
| The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965. | |||||
| CVE-2013-3044 | 1 Ibm | 1 Lotus Sametime | 2017-08-29 | 3.5 LOW | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges. | |||||
| CVE-2013-3037 | 1 Ibm | 1 Rational Requirements Composer | 2017-08-29 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. | |||||
| CVE-2013-3016 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. | |||||
| CVE-2013-2997 | 1 Ibm | 1 Security Appscan | 2017-08-29 | 1.7 LOW | N/A |
| IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2013-2989 | 1 Ibm | 1 Sterling Connect | 2017-08-29 | 6.8 MEDIUM | N/A |
| The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product. | |||||
| CVE-2013-2974 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-08-29 | 7.5 HIGH | N/A |
| The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL. | |||||
| CVE-2013-2777 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2017-08-29 | 4.4 MEDIUM | N/A |
| sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | |||||
| CVE-2013-2776 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2017-08-29 | 4.4 MEDIUM | N/A |
| sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | |||||