CVEs from 2013
Total
5,738
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.0%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-5547 | high | — | 7.8 | 13y ago | Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf0… | |
| CVE-2013-5546 | high | — | 7.8 | 13y ago | The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that … | |
| CVE-2013-5545 | high | — | 7.8 | 13y ago | The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug I… | |
| CVE-2013-5543 | high | — | 7.8 | 13y ago | Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TC… | |
| CVE-2013-5741 | high | — | 7.8 | 13y ago | Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial … | |
| CVE-2013-6016 | high | — | 7.8 | 13y ago | The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 th… | |
| CVE-2013-5537 | high | — | 7.8 | 13y ago | The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS s… | |
| CVE-2013-5515 | high | — | 7.8 | 13y ago | The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), … | |
| CVE-2013-3415 | high | — | 7.8 | 13y ago | Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote att… | |
| CVE-2013-2787 | high | — | 7.8 | 13y ago | Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets. | |
| CVE-2013-3687 | high | — | 7.8 | 13y ago | AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwo… | |
| CVE-2013-2581 | high | — | 7.8 | 13y ago | cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the fir… | |
| CVE-2013-3861 | high | — | 7.8 | 13y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "J… | |
| CVE-2013-3860 | high | — | 7.8 | 13y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (ap… | |
| CVE-2013-3689 | high | — | 7.8 | 13y ago | Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which… | |
| CVE-2013-3541 | high | — | 7.8 | 13y ago | Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePa… | |
| CVE-2013-6011 | high | — | 7.8 | 13y ago | Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. | |
| CVE-2013-3625 | high | — | 7.8 | 13y ago | An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging … | |
| CVE-2013-3624 | high | — | 7.8 | 13y ago | The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading … | |
| CVE-2013-3593 | high | — | 7.8 | 13y ago | Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the netwo… | |
| CVE-2013-5503 | high | — | 7.8 | 13y ago | The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to… | |
| CVE-2013-1839 | high | — | 7.8 | 13y ago | The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a ",… | |
| CVE-2013-5480 | high | — | 7.8 | 13y ago | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka … | |
| CVE-2013-5479 | high | — | 7.8 | 13y ago | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka … | |
| CVE-2013-5478 | high | — | 7.8 | 13y ago | Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug… | |
| CVE-2013-5477 | high | — | 7.8 | 13y ago | The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty ne… | |
| CVE-2013-5476 | high | — | 7.8 | 13y ago | The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or … | |
| CVE-2013-5475 | high | — | 7.8 | 13y ago | Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally… | |
| CVE-2013-5474 | high | — | 7.8 | 13y ago | Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device relo… | |
| CVE-2013-5473 | high | — | 7.8 | 13y ago | Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload)… | |
| CVE-2013-5490 | high | — | 7.8 | 13y ago | Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, relat… | |
| CVE-2013-5487 | high | — | 7.8 | 13y ago | DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. | |
| CVE-2013-3473 | high | — | 7.8 | 13y ago | The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote atta… | |
| CVE-2013-5140 | high | — | 7.8 | 13y ago | The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |
| CVE-2013-3615 | high | — | 7.8 | 13y ago | Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. | |
| CVE-2013-3613 | high | — | 7.8 | 13y ago | Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | |
| CVE-2013-1342 | high | 7.8 | 7.8 | 13y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 201… | |
| CVE-2013-2793 | high | — | 7.8 | 13y ago | Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attacker… | |
| CVE-2013-5209 | high | — | 7.8 | 13y ago | The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data stru… | |
| CVE-2013-3468 | high | — | 7.8 | 13y ago | The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270. | |
| CVE-2013-2353 | high | — | 7.8 | 13y ago | Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors. | |
| CVE-2013-4247 | high | — | 7.8 | 13y ago | Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash)… | |
| CVE-2013-3460 | high | — | 7.8 | 13y ago | Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service… | |
| CVE-2013-3459 | high | — | 7.8 | 13y ago | Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malfor… | |
| CVE-2013-3390 | high | — | 7.8 | 13y ago | Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of… | |
| CVE-2013-3389 | high | — | 7.8 | 13y ago | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to… | |
| CVE-2013-3388 | high | — | 7.8 | 13y ago | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to… | |
| CVE-2013-3387 | high | — | 7.8 | 13y ago | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to p… | |
| CVE-2013-3453 | high | — | 7.8 | 13y ago | Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (m… | |
| CVE-2013-2789 | high | — | 7.8 | 13y ago | The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packet… | |
| CVE-2013-5301 | high | — | 7.8 | 13y ago | Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter. | |
| CVE-2013-3183 | high | — | 7.8 | 13y ago | The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation… | |
| CVE-2013-3182 | high | — | 7.8 | 13y ago | The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause … | |
| CVE-2013-2790 | high | — | 7.8 | 13y ago | The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000. | |
| CVE-2013-4807 | high | — | 7.8 | 13y ago | Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 201307… | |
| CVE-2013-2112 | high | — | 7.8 | 13y ago | The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. | |
| CVE-2013-4929 | high | — | 7.8 | 13y ago | The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zer… | |
| CVE-2013-4928 | high | — | 7.8 | 13y ago | Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial… | |
| CVE-2013-4927 | high | — | 7.8 | 13y ago | Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attack… | |
| CVE-2013-4854 | high | — | 7.8 | 13y ago | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remo… | |
| CVE-2013-3431 | high | — | 7.8 | 13y ago | Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and … | |
| CVE-2013-3429 | high | — | 7.8 | 13y ago | Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broa… | |
| CVE-2013-4890 | high | — | 7.8 | 13y ago | The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. | |
| CVE-2013-4780 | high | — | 7.8 | 13y ago | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary f… | |
| CVE-2013-4778 | high | — | 7.8 | 13y ago | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive… | |
| CVE-2013-3411 | high | — | 7.8 | 13y ago | The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malfo… | |
| CVE-2013-3410 | high | — | 7.8 | 13y ago | Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorr… | |
| CVE-2013-1243 | high | — | 7.8 | 13y ago | The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1… | |
| CVE-2013-1218 | high | — | 7.8 | 13y ago | Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device… | |
| CVE-2013-3753 | high | — | 7.8 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework. | |
| CVE-2013-3748 | high | — | 7.8 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover). | |
| CVE-2013-1943 | high | 7.8 | 7.8 | 13y ago | The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows loca… | |
| CVE-2013-2687 | high | — | 7.8 | 13y ago | Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Pla… | |
| CVE-2013-4688 | high | — | 7.8 | 13y ago | flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted M… | |
| CVE-2013-4687 | high | — | 7.8 | 13y ago | flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers … | |
| CVE-2013-4684 | high | — | 7.8 | 13y ago | flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a den… | |
| CVE-2013-2784 | high | — | 7.8 | 13y ago | Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to c… | |
| CVE-2013-3129 | high | 7.8 | 7.8 | 13y ago | Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windo… | |
| CVE-2013-1059 | high | — | 7.8 | 13y ago | net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an… | |
| CVE-2013-4733 | high | — | 7.8 | 13y ago | The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration an… | |
| CVE-2013-3386 | high | — | 7.8 | 13y ago | The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Sec… | |
| CVE-2013-3385 | high | — | 7.8 | 13y ago | The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices … | |
| CVE-2013-3382 | high | — | 7.8 | 13y ago | The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote at… | |
| CVE-2013-3378 | high | — | 7.8 | 13y ago | Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557. | |
| CVE-2013-3377 | high | — | 7.8 | 13y ago | Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. | |
| CVE-2013-4632 | high | — | 7.8 | 13y ago | The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP … | |
| CVE-2013-4631 | high | — | 7.8 | 13y ago | Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified ov… | |
| CVE-2013-2445 | high | — | 7.8 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo… | |
| CVE-2013-3574 | high | — | 7.8 | 13y ago | Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full path… | |
| CVE-2013-3919 | high | — | 7.8 | 13y ago | resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service… | |
| CVE-2013-3561 | high | — | 7.8 | 13y ago | Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket … | |
| CVE-2013-1236 | high | — | 7.8 | 13y ago | Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug… | |
| CVE-2013-1305 | high | — | 7.8 | 13y ago | HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vu… | |
| CVE-2013-1225 | high | — | 7.8 | 13y ago | Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entit… | |
| CVE-2013-1224 | high | — | 7.8 | 13y ago | Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (… | |
| CVE-2013-1223 | high | — | 7.8 | 13y ago | The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via … | |
| CVE-2013-1222 | high | — | 7.8 | 13y ago | The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbit… | |
| CVE-2013-1220 | high | — | 7.8 | 13y ago | The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVIT… | |
| CVE-2013-2017 | high | — | 7.8 | 13y ago | The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by … | |
| CVE-2013-1184 | high | — | 7.8 | 13y ago | The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service … |