CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-7386 | medium | — | 5.0 | 12y ago | Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly ex… | |||
| CVE-2013-6470 | medium | — | 5.0 | 12y ago | The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid… | |||
| CVE-2013-1818 | medium | — | 5.0 | 12y ago | maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-5919 | medium | — | 5.0 | 12y ago | Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. | |||
| CVE-2013-4178 | medium | — | 5.0 | 12y ago | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password … | |||
| CVE-2013-4177 | medium | — | 5.0 | 12y ago | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-… | |||
| CVE-2013-0199 | medium | — | 5.0 | 12y ago | The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-… | |||
| CVE-2013-4598 | medium | — | 5.0 | 12y ago | The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vecto… | |||
| CVE-2013-2125 | medium | — | 5.0 | 12y ago | OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. | |||
| CVE-2013-2111 | medium | — | 5.0 | 12y ago | The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters. | |||
| CVE-2013-1883 | medium | — | 5.0 | 12y ago | Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" … | |||
| CVE-2013-3981 | medium | — | 5.0 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. | |||
| CVE-2013-3980 | medium | — | 5.0 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users… | |||
| CVE-2013-4223 | medium | — | 5.0 | 12y ago | The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file. | |||
| CVE-2013-2758 | medium | — | 5.0 | 12y ago | Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers… | |||
| CVE-2013-2756 | medium | — | 5.0 | 12y ago | Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging … | |||
| CVE-2013-7384 | medium | — | 5.0 | 12y ago | UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from C… | |||
| CVE-2013-6805 | medium | — | 5.0 | 12y ago | OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover cred… | |||
| CVE-2013-6413 | medium | — | 5.0 | 12y ago | Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due t… | |||
| CVE-2013-4406 | medium | — | 5.0 | 12y ago | The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitiv… | |||
| CVE-2013-4501 | medium | — | 5.0 | 12y ago | The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors. | |||
| CVE-2013-6472 | medium | — | 5.0 | 12y ago | MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user w… | |||
| CVE-2013-4570 | medium | — | 5.0 | 12y ago | The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of… | |||
| CVE-2013-0174 | medium | — | 5.0 | 12y ago | The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | |||
| CVE-2013-0173 | medium | — | 5.0 | 12y ago | Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||
| CVE-2013-7060 | medium | — | 5.0 | 12y ago | Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initial… | |||
| CVE-2013-6445 | medium | — | 5.0 | 12y ago | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via… | |||
| CVE-2013-7372 | medium | — | 5.0 | 12y ago | The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache … | |||
| CVE-2013-7063 | medium | — | 5.0 | 12y ago | The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views. | |||
| CVE-2013-6053 | medium | — | 5.0 | 12y ago | OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||
| CVE-2013-6371 | medium | — | 5.0 | 12y ago | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. | |||
| CVE-2013-6370 | medium | — | 5.0 | 12y ago | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2013-4279 | medium | — | 5.0 | 12y ago | imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site. | |||
| CVE-2013-4768 | medium | — | 5.0 | 12y ago | The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC),… | |||
| CVE-2013-5705 | medium | — | 5.0 | 12y ago | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. | |||
| CVE-2013-5704 | medium | — | 5.0 | 12y ago | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe… | |||
| CVE-2013-7366 | medium | — | 5.0 | 12y ago | The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | |||
| CVE-2013-7361 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | |||
| CVE-2013-7359 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue. | |||
| CVE-2013-7358 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | |||
| CVE-2013-7357 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors. | |||
| CVE-2013-7356 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors. | |||
| CVE-2013-6768 | medium | — | 5.0 | 12y ago | Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process … | |||
| CVE-2013-5445 | medium | — | 5.0 | 12y ago | IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static dec… | |||
| CVE-2013-5444 | medium | — | 5.0 | 12y ago | The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors. | |||
| CVE-2013-7345 | medium | — | 5.0 | 12y ago | The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to ca… | |||
| CVE-2013-5401 | medium | — | 5.0 | 12y ago | The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors. | |||
| CVE-2013-6401 | medium | — | 5.0 | 12y ago | Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a … | |||
| CVE-2013-6438 | medium | — | 5.0 | 12y ago | The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote atta… | |||
| CVE-2013-2086 | medium | — | 5.0 | 12y ago | The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | |||
| CVE-2013-1939 | medium | — | 5.0 | 12y ago | SabreDAV Directory Traversal vulnerability | |||
| CVE-2013-4846 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2013-4496 | medium | — | 5.0 | 12y ago | Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obta… | |||
| CVE-2013-4196 | medium | — | 5.0 | 12y ago | The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote … | |||
| CVE-2013-6943 | medium | — | 5.0 | 12y ago | Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors… | |||
| CVE-2013-6939 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of serv… | |||
| CVE-2013-6940 | medium | — | 5.0 | 12y ago | Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive infor… | |||
| CVE-2013-6938 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.… | |||
| CVE-2013-4971 | medium | — | 5.0 | 12y ago | Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-3706 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update … | |||
| CVE-2013-5468 | medium | — | 5.0 | 12y ago | IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt… | |||
| CVE-2013-7332 | medium | — | 5.0 | 12y ago | The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memor… | |||
| CVE-2013-6660 | medium | — | 5.0 | 12y ago | The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathna… | |||
| CVE-2013-6656 | medium | — | 5.0 | 12y ago | The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting… | |||
| CVE-2013-6440 | medium | — | 5.0 | 13y ago | Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML | |||
| CVE-2013-3978 | medium | — | 5.0 | 13y ago | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote … | |||
| CVE-2013-2055 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templ… | |||
| CVE-2013-1904 | medium | — | 5.0 | 13y ago | Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _v… | |||
| CVE-2013-6489 | medium | — | 5.0 | 13y ago | Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an in… | |||
| CVE-2013-6482 | medium | — | 5.0 | 13y ago | Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. | |||
| CVE-2013-6481 | medium | — | 5.0 | 13y ago | libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer … | |||
| CVE-2013-6485 | medium | — | 5.0 | 13y ago | Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chu… | |||
| CVE-2013-6484 | medium | — | 5.0 | 13y ago | The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a soc… | |||
| CVE-2013-6479 | medium | — | 5.0 | 13y ago | util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a deni… | |||
| CVE-2013-6477 | medium | — | 5.0 | 13y ago | Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. | |||
| CVE-2013-2074 | medium | — | 5.0 | 13y ago | kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and pa… | |||
| CVE-2013-7301 | medium | — | 5.0 | 13y ago | Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue. | |||
| CVE-2013-7300 | medium | — | 5.0 | 13y ago | Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can b… | |||
| CVE-2013-7177 | medium | — | 5.0 | 13y ago | config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches… | |||
| CVE-2013-7176 | medium | — | 5.0 | 13y ago | config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an im… | |||
| CVE-2013-4043 | medium | — | 5.0 | 13y ago | The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP… | |||
| CVE-2013-6143 | medium | — | 5.0 | 13y ago | The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via ma… | |||
| CVE-2013-6727 | medium | — | 5.0 | 13y ago | The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspeci… | |||
| CVE-2013-6141 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. | |||
| CVE-2013-7299 | medium | — | 5.0 | 13y ago | framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator … | |||
| CVE-2013-7298 | medium | — | 5.0 | 13y ago | query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters. | |||
| CVE-2013-6467 | medium | — | 5.0 | 13y ago | Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||
| CVE-2013-6466 | medium | — | 5.0 | 13y ago | Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||
| CVE-2013-7296 | medium | — | 5.0 | 13y ago | The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial o… | |||
| CVE-2013-6030 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspe… | |||
| CVE-2013-6448 | medium | — | 5.0 | 13y ago | The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restr… | |||
| CVE-2013-6447 | medium | — | 5.0 | 13y ago | Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier… | |||
| CVE-2013-4160 | medium | — | 5.0 | 13y ago | Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) c… | |||
| CVE-2013-1769 | medium | — | 5.0 | 13y ago | A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted m… | |||
| CVE-2013-6425 | medium | — | 5.0 | 13y ago | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) v… | |||
| CVE-2013-6424 | medium | — | 5.0 | 13y ago | Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||
| CVE-2013-6642 | medium | — | 5.0 | 13y ago | Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | |||
| CVE-2013-7294 | medium | — | 5.0 | 13y ago | The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. | |||
| CVE-2013-7293 | medium | — | 5.0 | 13y ago | The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always re… | |||
| CVE-2013-5887 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment. |