CVEs from 2013
Total
5,692
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2371 | medium | — | 5.0 | 13y ago | The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via a… | |||
| CVE-2013-1795 | medium | — | 5.0 | 13y ago | Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. | |||
| CVE-2013-1814 | medium | — | 5.0 | 13y ago | Apache Rave information disclosure vulnerability | |||
| CVE-2013-1469 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter. | |||
| CVE-2013-0312 | medium | — | 5.0 | 13y ago | 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. | |||
| CVE-2013-0095 | medium | — | 5.0 | 13y ago | Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTM… | |||
| CVE-2013-0086 | medium | — | 5.0 | 13y ago | Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Siz… | |||
| CVE-2013-0239 | medium | — | 5.0 | 13y ago | Improper Authentication in Apache CXF | |||
| CVE-2013-0252 | medium | — | 5.0 | 13y ago | boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input vali… | |||
| CVE-2013-2293 | medium | — | 5.0 | 13y ago | The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attacker… | |||
| CVE-2013-2273 | medium | — | 5.0 | 13y ago | bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain … | |||
| CVE-2013-2272 | medium | — | 5.0 | 13y ago | The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5r… | |||
| CVE-2013-1154 | medium | — | 5.0 | 13y ago | The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 a… | |||
| CVE-2013-2488 | medium | — | 5.0 | 13y ago | The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a… | |||
| CVE-2013-1643 | medium | — | 5.0 | 13y ago | The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an … | |||
| CVE-2013-0909 | medium | — | 5.0 | 13y ago | The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. | |||
| CVE-2013-0198 | medium | — | 5.0 | 13y ago | Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplificati… | |||
| CVE-2013-1415 | medium | — | 5.0 | 13y ago | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1… | |||
| CVE-2013-1138 | medium | — | 5.0 | 13y ago | The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46… | |||
| CVE-2013-0247 | medium | — | 5.0 | 13y ago | OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid … | |||
| CVE-2013-0220 | medium | — | 5.0 | 13y ago | The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in S… | |||
| CVE-2013-0786 | medium | — | 5.0 | 13y ago | The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whet… | |||
| CVE-2013-0118 | medium | — | 5.0 | 13y ago | CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setti… | |||
| CVE-2013-0899 | medium | — | 5.0 | 13y ago | Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and… | |||
| CVE-2013-0888 | medium | — | 5.0 | 13y ago | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors rel… | |||
| CVE-2013-0883 | medium | — | 5.0 | 13y ago | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspe… | |||
| CVE-2013-0881 | medium | — | 5.0 | 13y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Ma… | |||
| CVE-2013-1485 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Librarie… | |||
| CVE-2013-1129 | medium | — | 5.0 | 14y ago | Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. | |||
| CVE-2013-0273 | medium | — | 5.0 | 14y ago | sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash)… | |||
| CVE-2013-0271 | medium | — | 5.0 | 14y ago | The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. | |||
| CVE-2013-0705 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-1122 | medium | — | 5.0 | 14y ago | Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted … | |||
| CVE-2013-1455 | medium | — | 5.0 | 14y ago | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." | |||
| CVE-2013-1454 | medium | — | 5.0 | 14y ago | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." | |||
| CVE-2013-0637 | medium | — | 5.0 | 14y ago | Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, b… | |||
| CVE-2013-0242 | medium | — | 5.0 | 14y ago | Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service… | |||
| CVE-2013-0189 | medium | — | 5.0 | 14y ago | cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue… | |||
| CVE-2013-0166 | medium | — | 5.0 | 14y ago | OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service … | |||
| CVE-2013-1473 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors… | |||
| CVE-2013-0449 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deploy… | |||
| CVE-2013-0448 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. | |||
| CVE-2013-0440 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, a… | |||
| CVE-2013-0435 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confide… | |||
| CVE-2013-0434 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0433 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att… | |||
| CVE-2013-0427 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att… | |||
| CVE-2013-0424 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, a… | |||
| CVE-2013-0409 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confi… | |||
| CVE-2013-1112 | medium | — | 5.0 | 14y ago | Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. | |||
| CVE-2013-1451 | medium | — | 5.0 | 14y ago | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent… | |||
| CVE-2013-0652 | medium | — | 5.0 | 14y ago | GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI c… | |||
| CVE-2013-0651 | medium | — | 5.0 | 14y ago | The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote … | |||
| CVE-2013-0417 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management Sys… | |||
| CVE-2013-0396 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via u… | |||
| CVE-2013-0394 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway. | |||
| CVE-2013-0360 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via u… | |||
| CVE-2013-0835 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||
| CVE-2013-0834 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. | |||
| CVE-2013-0833 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. | |||
| CVE-2013-0759 | medium | — | 5.0 | 14y ago | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 a… | |||
| CVE-2013-0183 | medium | — | 5.0 | 14y ago | multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipar… | |||
| CVE-2013-0721 | medium | — | 5.0 | 14y ago | wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||
| CVE-2013-0284 | medium | — | 5.0 | 14y ago | newrelic_rpm Gem Discloses Sensitive Information | |||
| CVE-2013-7395 | medium | — | 4.9 | 12y ago | ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of … | |||
| CVE-2013-6308 | medium | — | 4.9 | 12y ago | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | |||
| CVE-2013-4500 | medium | — | 4.9 | 12y ago | The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the dele… | |||
| CVE-2013-6889 | medium | — | 4.9 | 12y ago | GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. | |||
| CVE-2013-4544 | medium | — | 4.9 | 12y ago | hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers o… | |||
| CVE-2013-7068 | medium | — | 4.9 | 12y ago | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | |||
| CVE-2013-3997 | medium | — | 4.9 | 12y ago | Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sit… | |||
| CVE-2013-7322 | medium | — | 4.9 | 12y ago | usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line t… | |||
| CVE-2013-2962 | medium | — | 4.9 | 13y ago | Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) vi… | |||
| CVE-2013-4739 | medium | — | 4.9 | 13y ago | The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information… | |||
| CVE-2013-4661 | medium | — | 4.9 | 13y ago | CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with t… | |||
| CVE-2013-5876 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. | |||
| CVE-2013-5833 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem. | |||
| CVE-2013-5909 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown v… | |||
| CVE-2013-7281 | medium | — | 4.9 | 13y ago | The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which al… | |||
| CVE-2013-7271 | medium | — | 4.9 | 13y ago | The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows loc… | |||
| CVE-2013-7270 | medium | — | 4.9 | 13y ago | The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which al… | |||
| CVE-2013-7269 | medium | — | 4.9 | 13y ago | The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7268 | medium | — | 4.9 | 13y ago | The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows loc… | |||
| CVE-2013-7267 | medium | — | 4.9 | 13y ago | The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7266 | medium | — | 4.9 | 13y ago | The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structur… | |||
| CVE-2013-7265 | medium | — | 4.9 | 13y ago | The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows … | |||
| CVE-2013-7264 | medium | — | 4.9 | 13y ago | The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7263 | medium | — | 4.9 | 13y ago | The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kerne… | |||
| CVE-2013-7081 | medium | — | 4.9 | 13y ago | TYPO3 Improper Access Control vulnerability | |||
| CVE-2013-4012 | medium | — | 4.9 | 13y ago | IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which a… | |||
| CVE-2013-3705 | medium | — | 4.9 | 13y ago | The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | |||
| CVE-2013-5407 | medium | — | 4.9 | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain … | |||
| CVE-2013-5426 | medium | — | 4.9 | 13y ago | Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Infor… | |||
| CVE-2013-7005 | medium | — | 4.9 | 13y ago | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware bef… | |||
| CVE-2013-4445 | medium | — | 4.9 | 13y ago | The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for … | |||
| CVE-2013-5455 | medium | — | 4.9 | 13y ago | IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a… | |||
| CVE-2013-6392 | medium | — | 4.9 | 13y ago | The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does… | |||
| CVE-2013-6861 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain s… | |||
| CVE-2013-6834 | medium | — | 4.9 | 13y ago | The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from k… | |||
| CVE-2013-6833 | medium | — | 4.9 | 13y ago | The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from … |