CVEs from 2013
Total
5,694
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1209 | medium | — | 5.0 | 13y ago | The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM p… | |||
| CVE-2013-1962 | medium | — | 5.0 | 13y ago | The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number… | |||
| CVE-2013-0599 | medium | — | 5.0 | 13y ago | IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by pro… | |||
| CVE-2013-2959 | medium | — | 5.0 | 13y ago | The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows rem… | |||
| CVE-2013-2954 | medium | — | 5.0 | 13y ago | The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which ma… | |||
| CVE-2013-3562 | medium | — | 5.0 | 13y ago | Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a deni… | |||
| CVE-2013-3560 | medium | — | 5.0 | 13y ago | The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attacke… | |||
| CVE-2013-3559 | medium | — | 5.0 | 13y ago | epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer over… | |||
| CVE-2013-3558 | medium | — | 5.0 | 13y ago | The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cau… | |||
| CVE-2013-3557 | medium | — | 5.0 | 13y ago | The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, whi… | |||
| CVE-2013-3556 | medium | — | 5.0 | 13y ago | The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers… | |||
| CVE-2013-3555 | medium | — | 5.0 | 13y ago | epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial… | |||
| CVE-2013-2083 | medium | — | 5.0 | 13y ago | Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class | |||
| CVE-2013-2082 | medium | — | 5.0 | 13y ago | Moodle does not enforce capability requirements for reading blog comments | |||
| CVE-2013-1204 | medium | — | 5.0 | 13y ago | Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service (memory consumption or process reload) by sending many port-162 UDP packets, aka Bug ID CSCug80345. | |||
| CVE-2013-2848 | medium | — | 5.0 | 13y ago | The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-2838 | medium | — | 5.0 | 13y ago | Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2013-2737 | medium | — | 5.0 | 13y ago | A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-1188 | medium | — | 5.0 | 13y ago | Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series… | |||
| CVE-2013-1336 | medium | — | 5.0 | 13y ago | The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XM… | |||
| CVE-2013-2020 | medium | — | 5.0 | 13y ago | Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in… | |||
| CVE-2013-1242 | medium | — | 5.0 | 13y ago | Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug380… | |||
| CVE-2013-0519 | medium | — | 5.0 | 13y ago | IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page tit… | |||
| CVE-2013-1235 | medium | — | 5.0 | 13y ago | Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) … | |||
| CVE-2013-1232 | medium | — | 5.0 | 13y ago | The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a cra… | |||
| CVE-2013-1231 | medium | — | 5.0 | 13y ago | The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. | |||
| CVE-2013-0306 | medium | — | 5.0 | 13y ago | The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of ser… | |||
| CVE-2013-1230 | medium | — | 5.0 | 13y ago | Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057. | |||
| CVE-2013-1229 | medium | — | 5.0 | 13y ago | TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bu… | |||
| CVE-2013-1156 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034. | |||
| CVE-2013-0666 | medium | — | 5.0 | 13y ago | The configuration utility in MatrikonOPC Security Gateway 1.0 allows remote attackers to cause a denial of service (unhandled exception and application crash) via a TCP RST packet. | |||
| CVE-2013-1944 | medium | — | 5.0 | 13y ago | The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix… | |||
| CVE-2013-1914 | medium | — | 5.0 | 13y ago | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (cra… | |||
| CVE-2013-3241 | medium | — | 5.0 | 13y ago | export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users t… | |||
| CVE-2013-1949 | medium | — | 5.0 | 13y ago | Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files. | |||
| CVE-2013-1214 | medium | — | 5.0 | 13y ago | The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visit… | |||
| CVE-2013-1195 | medium | — | 5.0 | 13y ago | The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range co… | |||
| CVE-2013-0584 | medium | — | 5.0 | 13y ago | The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information a… | |||
| CVE-2013-3210 | medium | — | 5.0 | 13y ago | Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the … | |||
| CVE-2013-1194 | medium | — | 5.0 | 13y ago | The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, whi… | |||
| CVE-2013-2438 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX. | |||
| CVE-2013-2424 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow… | |||
| CVE-2013-2417 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow… | |||
| CVE-2013-1564 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknow… | |||
| CVE-2013-1561 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via … | |||
| CVE-2013-2409 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related t… | |||
| CVE-2013-2388 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect availability via unknown vec… | |||
| CVE-2013-1570 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. | |||
| CVE-2013-1565 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2013-1559 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors … | |||
| CVE-2013-1554 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vect… | |||
| CVE-2013-1545 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors relat… | |||
| CVE-2013-1538 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2013-1535 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect c… | |||
| CVE-2013-1519 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2013-1510 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, … | |||
| CVE-2013-1509 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vecto… | |||
| CVE-2013-0408 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers. | |||
| CVE-2013-2835 | medium | — | 5.0 | 13y ago | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechan… | |||
| CVE-2013-2834 | medium | — | 5.0 | 13y ago | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechan… | |||
| CVE-2013-2832 | medium | — | 5.0 | 13y ago | The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote at… | |||
| CVE-2013-2303 | medium | — | 5.0 | 13y ago | Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. | |||
| CVE-2013-1193 | medium | — | 5.0 | 13y ago | The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote atta… | |||
| CVE-2013-1187 | medium | — | 5.0 | 13y ago | The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service c… | |||
| CVE-2013-0315 | medium | — | 5.0 | 13y ago | The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entit… | |||
| CVE-2013-0282 | medium | — | 5.0 | 13y ago | OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, whi… | |||
| CVE-2013-2716 | medium | — | 5.0 | 13y ago | Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows rem… | |||
| CVE-2013-1282 | medium | — | 5.0 | 13y ago | The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attacker… | |||
| CVE-2013-1821 | medium | — | 5.0 | 13y ago | Ruby vulnerable to denial of service | |||
| CVE-2013-0681 | medium | — | 5.0 | 13y ago | Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial… | |||
| CVE-2013-1174 | medium | — | 5.0 | 13y ago | Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted Collaboration Solution allows remote attackers to cause a denial of service (temporary service han… | |||
| CVE-2013-0483 | medium | — | 5.0 | 13y ago | The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2013-0128 | medium | — | 5.0 | 13y ago | The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to ob… | |||
| CVE-2013-2763 | medium | — | 5.0 | 13y ago | The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it… | |||
| CVE-2013-0791 | medium | — | 5.0 | 13y ago | The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x… | |||
| CVE-2013-1665 | medium | — | 5.0 | 13y ago | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via a… | |||
| CVE-2013-1664 | medium | — | 5.0 | 13y ago | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other pro… | |||
| CVE-2013-2744 | medium | — | 5.0 | 13y ago | importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function. | |||
| CVE-2013-2686 | medium | — | 5.0 | 13y ago | main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.… | |||
| CVE-2013-2264 | medium | — | 5.0 | 13y ago | The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x … | |||
| CVE-2013-1747 | medium | — | 5.0 | 13y ago | channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. | |||
| CVE-2013-0923 | medium | — | 5.0 | 13y ago | The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2013-0917 | medium | — | 5.0 | 13y ago | The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2013-0316 | medium | — | 5.0 | 13y ago | The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. | |||
| CVE-2013-0257 | medium | — | 5.0 | 13y ago | The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. | |||
| CVE-2013-0182 | medium | — | 5.0 | 13y ago | The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. | |||
| CVE-2013-2300 | medium | — | 5.0 | 13y ago | The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an applicatio… | |||
| CVE-2013-0720 | medium | — | 5.0 | 13y ago | The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesyst… | |||
| CVE-2013-0719 | medium | — | 5.0 | 13y ago | The ArtIME Japanese Input application 1.1.2 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesse… | |||
| CVE-2013-0718 | medium | — | 5.0 | 13y ago | The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local fil… | |||
| CVE-2013-1162 | medium | — | 5.0 | 13y ago | The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. | |||
| CVE-2013-1831 | medium | — | 5.0 | 13y ago | Moodle reveals absolute path in exception message | |||
| CVE-2013-1830 | medium | — | 5.0 | 13y ago | Moodle does not enforce the forceloginforprofiles setting | |||
| CVE-2013-2640 | medium | — | 5.0 | 13y ago | ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct… | |||
| CVE-2013-0731 | medium | — | 5.0 | 13y ago | ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct… | |||
| CVE-2013-2633 | medium | — | 5.0 | 13y ago | Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests | |||
| CVE-2013-0716 | medium | — | 5.0 | 13y ago | The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. | |||
| CVE-2013-1654 | medium | — | 5.0 | 13y ago | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to c… | |||
| CVE-2013-2263 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | |||
| CVE-2013-1854 | medium | — | 5.0 | 13y ago | The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attack… |