CVEs from 2013
- Total: 5,695
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-0772 | medium | — | 5.8 | 14y ago | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory … | |||
| CVE-2013-0751 | medium | — | 5.8 | 14y ago | Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly co… | |||
| CVE-2013-0013 | medium | — | 5.8 | 14y ago | The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle enc… | |||
| CVE-2013-6367 | medium | — | 5.7 | 13y ago | The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash)… | |||
| CVE-2013-4551 | medium | — | 5.7 | 13y ago | Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of ser… | |||
| CVE-2013-5184 | medium | — | 5.7 | 13y ago | The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash)… | |||
| CVE-2013-5527 | medium | — | 5.7 | 13y ago | The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. | |||
| CVE-2013-5499 | medium | — | 5.7 | 13y ago | The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh… | |||
| CVE-2013-2212 | medium | — | 5.7 | 13y ago | The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly… | |||
| CVE-2013-1935 | medium | — | 5.7 | 13y ago | A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest O… | |||
| CVE-2013-1189 | medium | — | 5.7 | 13y ago | Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified chang… | |||
| CVE-2013-3630 | medium | — | 5.6 | 13y ago | Moodle Authenticated Spelling Binary Remote Code Execution | |||
| CVE-2013-7488 | medium | — | 5.5 | 2y ago | RHSA-2024:3049: perl-Convert-ASN1 security update (Moderate) | |||
| CVE-2013-2104 | medium | — | 5.5 | 4y ago | python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after i… | |||
| CVE-2013-7061 | medium | — | 5.5 | 4y ago | Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | |||
| CVE-2013-7461 | medium | 5.5 | 5.5 | 9y ago | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write… | |||
| CVE-2013-7460 | medium | 5.5 | 5.5 | 9y ago | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part … | |||
| CVE-2013-5653 | medium | 5.5 | 5.5 | 9y ago | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |||
| CVE-2013-4320 | medium | — | 5.5 | 12y ago | TYPO3 Improper Access Management in the File Abstraction Layer | |||
| CVE-2013-4431 | medium | — | 5.5 | 12y ago | Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an e… | |||
| CVE-2013-4471 | medium | — | 5.5 | 12y ago | The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to chang… | |||
| CVE-2013-5459 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modi… | |||
| CVE-2013-7196 | medium | — | 5.5 | 12y ago | static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[it… | |||
| CVE-2013-7195 | medium | — | 5.5 | 12y ago | PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication. | |||
| CVE-2013-4197 | medium | — | 5.5 | 12y ago | member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | |||
| CVE-2013-6720 | medium | — | 5.5 | 12y ago | Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authent… | |||
| CVE-2013-5890 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality … | |||
| CVE-2013-5897 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote authenticated users to affect … | |||
| CVE-2013-7108 | medium | — | 5.5 | 13y ago | Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information… | |||
| CVE-2013-2133 | medium | — | 5.5 | 13y ago | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS S… | |||
| CVE-2013-6373 | medium | — | 5.5 | 13y ago | Jenkins Exclusion Plugin allows Access to Resource Locks | |||
| CVE-2013-5995 | medium | — | 5.5 | 13y ago | data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified … | |||
| CVE-2013-5688 | medium | — | 5.5 | 13y ago | Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) i… | |||
| CVE-2013-5430 | medium | — | 5.5 | 13y ago | The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access… | |||
| CVE-2013-3831 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related t… | |||
| CVE-2013-3814 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Retail Invoice Matching component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to aff… | |||
| CVE-2013-4831 | medium | — | 5.5 | 13y ago | HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2013-5517 | medium | — | 5.5 | 13y ago | SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh… | |||
| CVE-2013-2296 | medium | — | 5.5 | 13y ago | Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authentica… | |||
| CVE-2013-1033 | medium | — | 5.5 | 13y ago | Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | |||
| CVE-2013-1968 | medium | — | 5.5 | 13y ago | Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. | |||
| CVE-2013-3784 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors T… | |||
| CVE-2013-3770 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and … | |||
| CVE-2013-3764 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-3756 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrit… | |||
| CVE-2013-4729 | medium | — | 5.5 | 13y ago | phpMyAdmin Global variables scope injection vulnerability | |||
| CVE-2013-2128 | medium | 5.5 | 5.5 | 13y ago | The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a cra… | |||
| CVE-2013-3504 | medium | — | 5.5 | 13y ago | Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to… | |||
| CVE-2013-3242 | medium | — | 5.5 | 13y ago | plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use… | |||
| CVE-2013-2405 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confid… | |||
| CVE-2013-2397 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and inte… | |||
| CVE-2013-1533 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.1.0, 5.2.0, 5.3.1 through 5.3.3, and 6.0.1 through 12.0.0 allows… | |||
| CVE-2013-1520 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 allows remote authenticated users to affect confidentiality and i… | |||
| CVE-2013-0505 | medium | — | 5.5 | 13y ago | IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and re… | |||
| CVE-2013-0266 | medium | 5.5 | 5.5 | 13y ago | A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `a… | |||
| CVE-2013-0391 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors rela… | |||
| CVE-2013-0369 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-6465 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | |||
| CVE-2013-5567 | medium | — | 5.4 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause … | |||
| CVE-2013-7313 | medium | — | 5.4 | 13y ago | The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets… | |||
| CVE-2013-7312 | medium | — | 5.4 | 13y ago | The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on… | |||
| CVE-2013-7311 | medium | — | 5.4 | 13y ago | The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packet… | |||
| CVE-2013-7310 | medium | — | 5.4 | 13y ago | The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA databas… | |||
| CVE-2013-7309 | medium | — | 5.4 | 13y ago | The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA … | |||
| CVE-2013-7308 | medium | — | 5.4 | 13y ago | The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before … | |||
| CVE-2013-7307 | medium | — | 5.4 | 13y ago | The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before p… | |||
| CVE-2013-7306 | medium | — | 5.4 | 13y ago | The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA databa… | |||
| CVE-2013-5039 | medium | — | 5.4 | 13y ago | Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2013-6981 | medium | — | 5.4 | 13y ago | Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | |||
| CVE-2013-6979 | medium | — | 5.4 | 13y ago | The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authenticat… | |||
| CVE-2013-6706 | medium | — | 5.4 | 13y ago | The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP he… | |||
| CVE-2013-6693 | medium | — | 5.4 | 13y ago | The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by … | |||
| CVE-2013-5560 | medium | — | 5.4 | 13y ago | The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to ca… | |||
| CVE-2013-5544 | medium | — | 5.4 | 13y ago | The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE re… | |||
| CVE-2013-0500 | medium | — | 5.4 | 13y ago | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authen… | |||
| CVE-2013-4356 | medium | — | 5.4 | 13y ago | Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid … | |||
| CVE-2013-4112 | medium | — | 5.4 | 13y ago | Exposure of Sensitive Information to an Unauthorized Actor in JGroup | |||
| CVE-2013-1121 | medium | — | 5.4 | 13y ago | The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via… | |||
| CVE-2013-5650 | medium | — | 5.4 | 13y ago | Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, … | |||
| CVE-2013-2895 | medium | — | 5.4 | 13y ago | drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a … | |||
| CVE-2013-3039 | medium | — | 5.4 | 13y ago | IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | |||
| CVE-2013-3038 | medium | — | 5.4 | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. | |||
| CVE-2013-5132 | medium | — | 5.4 | 13y ago | Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the ac… | |||
| CVE-2013-1717 | medium | — | 5.4 | 13y ago | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access … | |||
| CVE-2013-3441 | medium | — | 5.4 | 13y ago | Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently fo… | |||
| CVE-2013-4125 | medium | — | 5.4 | 13y ago | The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving… | |||
| CVE-2013-2688 | medium | — | 5.4 | 13y ago | Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform allows remote attackers to cause a denial of service (application crash) or possi… | |||
| CVE-2013-2206 | medium | — | 5.4 | 13y ago | The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate… | |||
| CVE-2013-4669 | medium | — | 5.4 | 13y ago | FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and F… | |||
| CVE-2013-1203 | medium | — | 5.4 | 13y ago | Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service (device reload) via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Securi… | |||
| CVE-2013-1210 | medium | — | 5.4 | 13y ago | Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of se… | |||
| CVE-2013-2767 | medium | — | 5.4 | 13y ago | Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows rem… | |||
| CVE-2013-0931 | medium | — | 5.4 | 13y ago | EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a … | |||
| CVE-2013-0465 | medium | — | 5.4 | 13y ago | Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attacker… | |||
| CVE-2013-1100 | medium | — | 5.4 | 14y ago | The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port… | |||
| CVE-2013-0375 | medium | 5.4 | 5.4 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-4578 | medium | 5.3 | 5.3 | 9y ago | jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper fi… | |||
| CVE-2013-7431 | medium | 5.3 | 5.3 | 9y ago | Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!. | |||
| CVE-2013-7446 | medium | 5.3 | 5.3 | 11y ago | Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted e… | |||
| CVE-2013-7389 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid … |