|
258961
|
- |
|
apple
canonical
|
cups
ubuntu_linux
|
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cup…
|
CWE-59
Link Following
|
CVE-2013-6891
|
2014-03-6 13:49 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258962
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunct…
|
CWE-94
Code Injection
|
CVE-2013-6948
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258963
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6949
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258964
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution serv…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6950
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258965
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
|
CWE-310
Cryptographic Issues
|
CVE-2013-6952
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258966
|
- |
|
apple
|
iphone_os
|
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5139
|
2014-03-6 13:48 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258967
|
- |
|
apple
|
iphone_os
|
Per: http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
"Executing a malicious application may result in arbitrary
code execution within the kernel"
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5139
|
2014-03-6 13:48 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258968
|
- |
|
apple
|
mac_os_x
|
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5178
|
2014-03-6 13:48 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258969
|
- |
|
apple
|
mac_os_x
|
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5179
|
2014-03-6 13:48 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258970
|
- |
|
oracle
|
database_server
|
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2013-5764
|
2014-03-6 13:48 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
