LiveActive security incident?Get immediate response
CVE archive

November 2013

Browse CVE records published in November 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 505 matching CVEs · Page 3 of 11.

Unknown · CVSS Not scored

CVE-2013-5990: Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 thr...

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ichitaro Pro; Ichitaro Pro 2 and Pro 2 Trial Edition; Ichitaro Viewer; and Ichitaro Portable with oreplug allows remote attackers to execute arbitrary code via a crafted document.

Published Nov 13, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-6357: Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earl...

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.

Published Nov 13, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-5695: Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to injec...

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.

Published Nov 5, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-5551: Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access...

Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199.

Published Nov 1, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2013-6763: The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the s...

The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.

Published Nov 12, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2013-6798: BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determin...

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.

Published Nov 16, 2013 · Updated Aug 6, 2024