CVEs from 2013
Total
5,692
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3829 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and ea… | |||
| CVE-2013-5535 | medium | — | 6.4 | 13y ago | The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CS… | |||
| CVE-2013-4379 | medium | — | 6.4 | 13y ago | The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the has… | |||
| CVE-2013-4213 | medium | — | 6.4 | 13y ago | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | |||
| CVE-2013-4128 | medium | — | 6.4 | 13y ago | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | |||
| CVE-2013-3220 | medium | — | 6.4 | 13y ago | bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an exces… | |||
| CVE-2013-2994 | medium | — | 6.4 | 13y ago | IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST reques… | |||
| CVE-2013-4851 | medium | — | 6.4 | 13y ago | The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entr… | |||
| CVE-2013-0559 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors. | |||
| CVE-2013-3821 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via … | |||
| CVE-2013-3819 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via … | |||
| CVE-2013-3800 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and integrity via unk… | |||
| CVE-2013-3757 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services. | |||
| CVE-2013-0476 | medium | — | 6.4 | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors. | |||
| CVE-2013-4680 | medium | — | 6.4 | 13y ago | Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve… | |||
| CVE-2013-2407 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confi… | |||
| CVE-2013-3060 | medium | — | 6.4 | 13y ago | Improper Authentication in Apache ActiveMQ | |||
| CVE-2013-3221 | medium | — | 6.4 | 13y ago | The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored value… | |||
| CVE-2013-1553 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors relat… | |||
| CVE-2013-0405 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. | |||
| CVE-2013-1859 | medium | — | 6.4 | 13y ago | The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecifi… | |||
| CVE-2013-1843 | medium | — | 6.4 | 13y ago | TYPO3 Open redirect vulnerability in the Access tracking mechanism | |||
| CVE-2013-2373 | medium | — | 6.4 | 13y ago | The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to… | |||
| CVE-2013-0966 | medium | — | 6.4 | 13y ago | The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended direc… | |||
| CVE-2013-1131 | medium | — | 6.4 | 14y ago | Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that … | |||
| CVE-2013-0432 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0382 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi… | |||
| CVE-2013-0381 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via… | |||
| CVE-2013-0829 | medium | — | 6.4 | 14y ago | Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors. | |||
| CVE-2013-0155 | medium | — | 6.4 | 14y ago | Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implement… | |||
| CVE-2013-5557 | medium | — | 6.3 | 12y ago | The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of servic… | |||
| CVE-2013-0350 | medium | — | 6.3 | 12y ago | tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | |||
| CVE-2013-2561 | medium | — | 6.3 | 13y ago | OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (… | |||
| CVE-2013-4214 | medium | — | 6.3 | 13y ago | rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. | |||
| CVE-2013-2029 | medium | — | 6.3 | 13y ago | nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary n… | |||
| CVE-2013-6692 | medium | — | 6.3 | 13y ago | Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA… | |||
| CVE-2013-6688 | medium | — | 6.3 | 13y ago | Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authentica… | |||
| CVE-2013-5551 | medium | — | 6.3 | 13y ago | Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack o… | |||
| CVE-2013-5516 | medium | — | 6.3 | 13y ago | The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot … | |||
| CVE-2013-4707 | medium | — | 6.3 | 13y ago | The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | |||
| CVE-2013-4706 | medium | — | 6.3 | 13y ago | The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. | |||
| CVE-2013-5145 | medium | — | 6.3 | 13y ago | kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||
| CVE-2013-5496 | medium | — | 6.3 | 13y ago | Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551. | |||
| CVE-2013-3474 | medium | — | 6.3 | 13y ago | The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manag… | |||
| CVE-2013-3245 | medium | 6.3 | 6.3 | 13y ago | plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a… | |||
| CVE-2013-2968 | medium | — | 6.3 | 13y ago | An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service v… | |||
| CVE-2013-1241 | medium | — | 6.3 | 13y ago | The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series… | |||
| CVE-2013-1161 | medium | — | 6.3 | 13y ago | The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a … | |||
| CVE-2013-4312 | medium | 6.2 | 6.2 | 11y ago | The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, r… | |||
| CVE-2013-6200 | medium | — | 6.2 | 12y ago | Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows local users to obtain sensitive information or modify data via unknown vectors. | |||
| CVE-2013-5834 | medium | — | 6.2 | 13y ago | Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps. | |||
| CVE-2013-6368 | medium | — | 6.2 | 13y ago | The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end addre… | |||
| CVE-2013-5046 | medium | — | 6.2 | 13y ago | Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, a… | |||
| CVE-2013-6409 | medium | — | 6.2 | 13y ago | Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. | |||
| CVE-2013-4482 | medium | — | 6.2 | 13y ago | Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in t… | |||
| CVE-2013-4591 | medium | — | 6.2 | 13y ago | Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or p… | |||
| CVE-2013-1726 | medium | — | 6.2 | 13y ago | Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access… | |||
| CVE-2013-2888 | medium | — | 6.2 | 13y ago | Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or … | |||
| CVE-2013-4876 | medium | — | 6.2 | 13y ago | The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a … | |||
| CVE-2013-4875 | medium | — | 6.2 | 13y ago | The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI… | |||
| CVE-2013-4874 | medium | — | 6.2 | 13y ago | The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modif… | |||
| CVE-2013-3692 | medium | — | 6.2 | 13y ago | BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrict… | |||
| CVE-2013-3955 | medium | — | 6.2 | 13y ago | The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to caus… | |||
| CVE-2013-3051 | medium | — | 6.2 | 13y ago | The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the … | |||
| CVE-2013-1848 | medium | — | 6.2 | 13y ago | fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and … | |||
| CVE-2013-1827 | medium | — | 6.2 | 13y ago | net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capabil… | |||
| CVE-2013-1826 | medium | — | 6.2 | 13y ago | The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain p… | |||
| CVE-2013-1798 | medium | — | 6.2 | 13y ago | The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, … | |||
| CVE-2013-0665 | medium | — | 6.2 | 13y ago | Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequ… | |||
| CVE-2013-0228 | medium | — | 6.2 | 13y ago | The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which al… | |||
| CVE-2013-1767 | medium | — | 6.2 | 13y ago | Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remo… | |||
| CVE-2013-0313 | medium | — | 6.2 | 14y ago | The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial … | |||
| CVE-2013-7433 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!. | |||
| CVE-2013-7430 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. | |||
| CVE-2013-7454 | medium | 6.1 | 6.1 | 10y ago | Multiple XSS Filter Bypasses in validator | |||
| CVE-2013-7453 | medium | 6.1 | 6.1 | 10y ago | Moderate severity vulnerability that affects validator | |||
| CVE-2013-7452 | medium | 6.1 | 6.1 | 10y ago | Moderate severity vulnerability that affects validator | |||
| CVE-2013-7451 | medium | 6.1 | 6.1 | 10y ago | Moderate severity vulnerability that affects validator | |||
| CVE-2013-3572 | medium | 6.1 | 6.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2013-7027 | medium | — | 6.1 | 13y ago | The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow at… | |||
| CVE-2013-6705 | medium | — | 6.1 | 13y ago | The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka B… | |||
| CVE-2013-6864 | medium | — | 6.1 | 13y ago | Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenti… | |||
| CVE-2013-6683 | medium | — | 6.1 | 13y ago | The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed… | |||
| CVE-2013-4387 | medium | — | 6.1 | 13y ago | net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet,… | |||
| CVE-2013-3610 | medium | — | 6.1 | 13y ago | qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | |||
| CVE-2013-4788 | medium | — | 6.1 | 13y ago | The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it … | |||
| CVE-2013-5962 | medium | — | 6.1 | 13y ago | Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uplo… | |||
| CVE-2013-1414 | medium | — | 6.1 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of … | |||
| CVE-2013-1226 | medium | — | 6.1 | 13y ago | The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bu… | |||
| CVE-2013-1815 | medium | 6.1 | 6.1 | 13y ago | A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current work… | |||
| CVE-2013-0675 | medium | — | 6.1 | 13y ago | Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a deni… | |||
| CVE-2013-2486 | medium | — | 6.1 | 13y ago | The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data … | |||
| CVE-2013-2485 | medium | — | 6.1 | 13y ago | The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||
| CVE-2013-2482 | medium | — | 6.1 | 13y ago | The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||
| CVE-2013-2476 | medium | — | 6.1 | 13y ago | The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a pack… | |||
| CVE-2013-1141 | medium | — | 6.1 | 13y ago | The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a … | |||
| CVE-2013-2256 | medium | — | 6.0 | 4y ago | OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive info… | |||
| CVE-2013-2131 | medium | — | 6.0 | 12y ago | Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdt… | |||
| CVE-2013-6043 | medium | — | 6.0 | 12y ago | The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers… | |||
| CVE-2013-3304 | medium | — | 6.0 | 12y ago | Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. |