CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-7294 | medium | — | 5.0 | 13y ago | The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. | |||
| CVE-2013-7293 | medium | — | 5.0 | 13y ago | The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always re… | |||
| CVE-2013-5887 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment. | |||
| CVE-2013-5884 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the pre… | |||
| CVE-2013-5873 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2013-5869 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vec… | |||
| CVE-2013-5853 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2013-5910 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previou… | |||
| CVE-2013-5899 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | |||
| CVE-2013-5896 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previo… | |||
| CVE-2013-5895 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | |||
| CVE-2013-7138 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in t… | |||
| CVE-2013-4564 | medium | — | 5.0 | 13y ago | Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. | |||
| CVE-2013-6953 | medium | — | 5.0 | 13y ago | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | |||
| CVE-2013-4358 | medium | — | 5.0 | 13y ago | libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. | |||
| CVE-2013-7224 | medium | — | 5.0 | 13y ago | Fat Free CRM allows remote attackers to obtain sensitive information via a direct request | |||
| CVE-2013-7222 | medium | — | 5.0 | 13y ago | Fat Free CRM has fixed token value | |||
| CVE-2013-7249 | medium | — | 5.0 | 13y ago | Fat Free CRM vulnerable to Exposure of Sensitive Information | |||
| CVE-2013-4549 | medium | — | 5.0 | 13y ago | QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. | |||
| CVE-2013-2629 | medium | — | 5.0 | 13y ago | Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite action… | |||
| CVE-2013-6735 | medium | — | 5.0 | 13y ago | IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allow… | |||
| CVE-2013-6723 | medium | — | 5.0 | 13y ago | IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive comp… | |||
| CVE-2013-4070 | medium | — | 5.0 | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. | |||
| CVE-2013-4069 | medium | — | 5.0 | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declara… | |||
| CVE-2013-7114 | medium | — | 5.0 | 13y ago | Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote … | |||
| CVE-2013-7113 | medium | — | 5.0 | 13y ago | epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (applicatio… | |||
| CVE-2013-7112 | medium | — | 5.0 | 13y ago | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote atta… | |||
| CVE-2013-7100 | medium | — | 5.0 | 13y ago | Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones … | |||
| CVE-2013-6701 | medium | — | 5.0 | 13y ago | The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to c… | |||
| CVE-2013-6193 | medium | — | 5.0 | 13y ago | Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers al… | |||
| CVE-2013-6972 | medium | — | 5.0 | 13y ago | Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. | |||
| CVE-2013-6970 | medium | — | 5.0 | 13y ago | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. | |||
| CVE-2013-6968 | medium | — | 5.0 | 13y ago | Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a seri… | |||
| CVE-2013-6965 | medium | — | 5.0 | 13y ago | The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictio… | |||
| CVE-2013-6709 | medium | — | 5.0 | 13y ago | The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join … | |||
| CVE-2013-6411 | medium | — | 5.0 | 13y ago | The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outsi… | |||
| CVE-2013-5107 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to… | |||
| CVE-2013-1364 | medium | — | 5.0 | 13y ago | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | |||
| CVE-2013-7111 | medium | — | 5.0 | 13y ago | Exposure of Sensitive Information in bio-basespace-sdk | |||
| CVE-2013-7093 | medium | — | 5.0 | 13y ago | SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | |||
| CVE-2013-6809 | medium | — | 5.0 | 13y ago | Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remo… | |||
| CVE-2013-6048 | medium | — | 5.0 | 13y ago | The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) … | |||
| CVE-2013-5676 | medium | — | 5.0 | 13y ago | Jenkins SonarQube Plugin Stores Passwords in Cleartext | |||
| CVE-2013-6052 | medium | — | 5.0 | 13y ago | OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||
| CVE-2013-4458 | medium | — | 5.0 | 13y ago | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (cra… | |||
| CVE-2013-1447 | medium | — | 5.0 | 13y ago | OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other e… | |||
| CVE-2013-6708 | medium | — | 5.0 | 13y ago | Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. | |||
| CVE-2013-3921 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI. | |||
| CVE-2013-6002 | medium | — | 5.0 | 13y ago | The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||
| CVE-2013-6000 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. | |||
| CVE-2013-3708 | medium | — | 5.0 | 13y ago | The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2013-6700 | medium | — | 5.0 | 13y ago | The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | |||
| CVE-2013-6712 | medium | — | 5.0 | 13y ago | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of servi… | |||
| CVE-2013-4617 | medium | — | 5.0 | 13y ago | Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via … | |||
| CVE-2013-3923 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | |||
| CVE-2013-4522 | medium | — | 5.0 | 13y ago | Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2013-0861 | medium | — | 5.0 | 13y ago | The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout. | |||
| CVE-2013-6699 | medium | — | 5.0 | 13y ago | The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a craft… | |||
| CVE-2013-6312 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via … | |||
| CVE-2013-5994 | medium | — | 5.0 | 13y ago | data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full pa… | |||
| CVE-2013-6827 | medium | — | 5.0 | 13y ago | Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. | |||
| CVE-2013-6821 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-6815 | medium | — | 5.0 | 13y ago | The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to a… | |||
| CVE-2013-4560 | medium | — | 5.0 | 13y ago | Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory fai… | |||
| CVE-2013-4487 | medium | — | 5.0 | 13y ago | Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a r… | |||
| CVE-2013-4466 | medium | — | 5.0 | 13y ago | Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruptio… | |||
| CVE-2013-6630 | medium | — | 5.0 | 13y ago | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during t… | |||
| CVE-2013-6629 | medium | — | 5.0 | 13y ago | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain dup… | |||
| CVE-2013-4034 | medium | — | 5.0 | 13y ago | IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitr… | |||
| CVE-2013-3407 | medium | — | 5.0 | 13y ago | The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information… | |||
| CVE-2013-3030 | medium | — | 5.0 | 13y ago | The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers t… | |||
| CVE-2013-2032 | medium | — | 5.0 | 13y ago | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attacke… | |||
| CVE-2013-6789 | medium | — | 5.0 | 13y ago | security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web… | |||
| CVE-2013-3905 | medium | — | 5.0 | 13y ago | Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configura… | |||
| CVE-2013-3869 | medium | — | 5.0 | 13y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows R… | |||
| CVE-2013-5566 | medium | — | 5.0 | 13y ago | Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Red… | |||
| CVE-2013-5562 | medium | — | 5.0 | 13y ago | The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka … | |||
| CVE-2013-5564 | medium | — | 5.0 | 13y ago | The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, a… | |||
| CVE-2013-5561 | medium | — | 5.0 | 13y ago | The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended… | |||
| CVE-2013-4282 | medium | — | 5.0 | 13y ago | Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. | |||
| CVE-2013-1084 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot do… | |||
| CVE-2013-6076 | medium | — | 5.0 | 13y ago | strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. | |||
| CVE-2013-6075 | medium | — | 5.0 | 13y ago | The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon … | |||
| CVE-2013-4484 | medium | — | 5.0 | 13y ago | Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI. | |||
| CVE-2013-4402 | medium | — | 5.0 | 13y ago | The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. | |||
| CVE-2013-4392 | medium | 5.0 | 5.0 | 13y ago | systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. | |||
| CVE-2013-6285 | medium | — | 5.0 | 13y ago | The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a differ… | |||
| CVE-2013-4302 | medium | — | 5.0 | 13y ago | (1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.… | |||
| CVE-2013-4301 | medium | — | 5.0 | 13y ago | includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (… | |||
| CVE-2013-4965 | medium | — | 5.0 | 13y ago | Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions… | |||
| CVE-2013-4434 | medium | — | 5.0 | 13y ago | Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discov… | |||
| CVE-2013-4421 | medium | — | 5.0 | 13y ago | The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size w… | |||
| CVE-2013-5531 | medium | — | 5.0 | 13y ago | Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 4… | |||
| CVE-2013-5521 | medium | — | 5.0 | 13y ago | Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of… | |||
| CVE-2013-5536 | medium | — | 5.0 | 13y ago | Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafte… | |||
| CVE-2013-5130 | medium | — | 5.0 | 13y ago | WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by lev… | |||
| CVE-2013-5182 | medium | — | 5.0 | 13y ago | Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned mess… | |||
| CVE-2013-5178 | medium | — | 5.0 | 13y ago | LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequ… | |||
| CVE-2013-5167 | medium | — | 5.0 | 13y ago | CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users vi… | |||
| CVE-2013-6244 | medium | — | 5.0 | 13y ago | The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML doc… |