258771
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunct…
|
CWE-94
Code Injection
|
CVE-2013-6948
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258772
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6949
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258773
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution serv…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6950
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258774
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
|
CWE-310
Cryptographic Issues
|
CVE-2013-6952
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258775
|
- |
|
apple
|
iphone_os
|
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5139
|
2014-03-6 13:48 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258776
|
- |
|
apple
|
iphone_os
|
Per: http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
"Executing a malicious application may result in arbitrary
code execution within the kernel"
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5139
|
2014-03-6 13:48 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258777
|
- |
|
apple
|
mac_os_x
|
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5178
|
2014-03-6 13:48 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258778
|
- |
|
apple
|
mac_os_x
|
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5179
|
2014-03-6 13:48 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258779
|
- |
|
oracle
|
database_server
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2013-5764
|
2014-03-6 13:48 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258780
|
- |
|
qemu
|
qemu
|
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
|
CWE-399
Resource Management Errors
|
CVE-2013-4377
|
2014-03-6 13:47 |
2013-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|