CVEs from 2013
Total
5,694
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1739 | medium | — | 5.0 | 13y ago | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possib… | |||
| CVE-2013-6025 | medium | — | 5.0 | 13y ago | The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an exter… | |||
| CVE-2013-2254 | medium | — | 5.0 | 13y ago | Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling | |||
| CVE-2013-3279 | medium | — | 5.0 | 13y ago | EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. | |||
| CVE-2013-5867 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via vectors related to SISNAPI & Net… | |||
| CVE-2013-5859 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Instantis EnterpriseTrack component in Oracle Primavera Products Suite 8.0.6 and 8.5 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2013-5851 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. | |||
| CVE-2013-5848 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deploy… | |||
| CVE-2013-5841 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r… | |||
| CVE-2013-5840 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… | |||
| CVE-2013-5836 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r… | |||
| CVE-2013-5831 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related t… | |||
| CVE-2013-5826 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3 and 6.3.1 allows remote attackers to affect availability via unknown vectors rela… | |||
| CVE-2013-5825 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40… | |||
| CVE-2013-5823 | medium | — | 5.0 | 13y ago | Apache XML Security For Java vulnerable to Infinite Loop | |||
| CVE-2013-5820 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. | |||
| CVE-2013-5819 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related t… | |||
| CVE-2013-5818 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related t… | |||
| CVE-2013-5816 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Me… | |||
| CVE-2013-5801 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… | |||
| CVE-2013-5794 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r… | |||
| CVE-2013-5792 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache. | |||
| CVE-2013-5778 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors… | |||
| CVE-2013-5776 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote atta… | |||
| CVE-2013-5774 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors relat… | |||
| CVE-2013-5765 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via vectors related to X… | |||
| CVE-2013-3841 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Web Services. | |||
| CVE-2013-3835 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via unknown vectors r… | |||
| CVE-2013-3834 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5 allows remote attackers to affect availability via unknown vectors related to ttaauxserv. | |||
| CVE-2013-3828 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to T… | |||
| CVE-2013-3826 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2013-5538 | medium | — | 5.0 | 13y ago | The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. | |||
| CVE-2013-4173 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost… | |||
| CVE-2013-5532 | medium | — | 5.0 | 13y ago | Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug … | |||
| CVE-2013-5528 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal … | |||
| CVE-2013-2241 | medium | — | 5.0 | 13y ago | modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in … | |||
| CVE-2013-4284 | medium | — | 5.0 | 13y ago | Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. | |||
| CVE-2013-4413 | medium | — | 5.0 | 13y ago | Wicked gem contains Path traversal vulnerability | |||
| CVE-2013-3627 | medium | — | 5.0 | 13y ago | FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a ma… | |||
| CVE-2013-4032 | medium | — | 5.0 | 13y ago | The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote atta… | |||
| CVE-2013-2920 | medium | — | 5.0 | 13y ago | The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL conta… | |||
| CVE-2013-2917 | medium | — | 5.0 | 13y ago | The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows … | |||
| CVE-2013-2908 | medium | — | 5.0 | 13y ago | Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a resp… | |||
| CVE-2013-2907 | medium | — | 5.0 | 13y ago | The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2013-4210 | medium | — | 5.0 | 13y ago | The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other prod… | |||
| CVE-2013-2269 | medium | — | 5.0 | 13y ago | The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restric… | |||
| CVE-2013-4013 | medium | — | 5.0 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-5725 | medium | — | 5.0 | 13y ago | The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in … | |||
| CVE-2013-0211 | medium | — | 5.0 | 13y ago | Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers … | |||
| CVE-2013-5651 | medium | — | 5.0 | 13y ago | The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonst… | |||
| CVE-2013-4153 | medium | — | 5.0 | 13y ago | Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count req… | |||
| CVE-2013-5965 | medium | — | 5.0 | 13y ago | The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by rea… | |||
| CVE-2013-4359 | medium | — | 5.0 | 13y ago | Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication … | |||
| CVE-2013-3417 | medium | — | 5.0 | 13y ago | The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug… | |||
| CVE-2013-5498 | medium | — | 5.0 | 13y ago | The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via… | |||
| CVE-2013-5750 | medium | — | 5.0 | 13y ago | FriendsOfSymfony FOSUserBundle denial of service via login form | |||
| CVE-2013-4350 | medium | — | 5.0 | 13y ago | The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which all… | |||
| CVE-2013-5502 | medium | — | 5.0 | 13y ago | The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspe… | |||
| CVE-2013-4818 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote a… | |||
| CVE-2013-4817 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2013-5157 | medium | — | 5.0 | 13y ago | The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests… | |||
| CVE-2013-1737 | medium | — | 5.0 | 13y ago | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during u… | |||
| CVE-2013-1727 | medium | — | 5.0 | 13y ago | Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by usin… | |||
| CVE-2013-5751 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-4315 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_… | |||
| CVE-2013-4180 | medium | — | 5.0 | 13y ago | The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted … | |||
| CVE-2013-4132 | medium | — | 5.0 | 13y ago | KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer d… | |||
| CVE-2013-5720 | medium | — | 5.0 | 13y ago | Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||
| CVE-2013-5492 | medium | — | 5.0 | 13y ago | administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780. | |||
| CVE-2013-5489 | medium | — | 5.0 | 13y ago | The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access l… | |||
| CVE-2013-5216 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-5488 | medium | — | 5.0 | 13y ago | Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact wi… | |||
| CVE-2013-3868 | medium | — | 5.0 | 13y ago | Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Serve… | |||
| CVE-2013-3160 | medium | — | 5.0 | 13y ago | Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in con… | |||
| CVE-2013-0081 | medium | — | 5.0 | 13y ago | Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of… | |||
| CVE-2013-4283 | medium | — | 5.0 | 13y ago | ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. | |||
| CVE-2013-5700 | medium | — | 5.0 | 13y ago | The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of… | |||
| CVE-2013-5642 | medium | — | 5.0 | 13y ago | The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before … | |||
| CVE-2013-5641 | medium | — | 5.0 | 13y ago | The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and … | |||
| CVE-2013-0531 | medium | — | 5.0 | 13y ago | The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive informat… | |||
| CVE-2013-2582 | medium | — | 5.0 | 13y ago | CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to … | |||
| CVE-2013-1645 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot)… | |||
| CVE-2013-5470 | medium | — | 5.0 | 13y ago | Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TC… | |||
| CVE-2013-3469 | medium | — | 5.0 | 13y ago | Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently o… | |||
| CVE-2013-4702 | medium | — | 5.0 | 13y ago | Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbit… | |||
| CVE-2013-3470 | medium | — | 5.0 | 13y ago | The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | |||
| CVE-2013-2178 | medium | — | 5.0 | 13y ago | The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block… | |||
| CVE-2013-4139 | medium | — | 5.0 | 13y ago | The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. | |||
| CVE-2013-3271 | medium | — | 5.0 | 13y ago | EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it… | |||
| CVE-2013-3598 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter. | |||
| CVE-2013-3373 | medium | — | 5.0 | 13y ago | CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v… | |||
| CVE-2013-2801 | medium | — | 5.0 | 13y ago | The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packet… | |||
| CVE-2013-2800 | medium | — | 5.0 | 13y ago | The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (memory consumption or memory corruption, instance shutdown, and data-collection outage… | |||
| CVE-2013-3016 | medium | — | 5.0 | 13y ago | IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting. | |||
| CVE-2013-2905 | medium | — | 5.0 | 13y ago | The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information v… | |||
| CVE-2013-4967 | medium | — | 5.0 | 13y ago | Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the l… | |||
| CVE-2013-4964 | medium | — | 5.0 | 13y ago | Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmiss… | |||
| CVE-2013-4961 | medium | — | 5.0 | 13y ago | Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information. | |||
| CVE-2013-4130 | medium | — | 5.0 | 13y ago | The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attack… | |||
| CVE-2013-2175 | medium | — | 5.0 | 13y ago | HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (ne… |