CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-7223 | medium | — | 6.8 | 13y ago | Fat Free CRM contains Cross-site Request Forgery vulnerablilities | |||
| CVE-2013-4405 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for uns… | |||
| CVE-2013-2628 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for un… | |||
| CVE-2013-6976 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a passwo… | |||
| CVE-2013-5228 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2013-5225 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2013-5199 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2013-5198 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2013-5197 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2013-5196 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2013-5195 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft… | |||
| CVE-2013-6883 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests … | |||
| CVE-2013-6038 | medium | — | 6.8 | 13y ago | Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code via a crafted .SKP file. | |||
| CVE-2013-6192 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-6710 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. | |||
| CVE-2013-4000 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start o… | |||
| CVE-2013-7069 | medium | — | 6.8 | 13y ago | ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched. | |||
| CVE-2013-6400 | medium | — | 6.8 | 13y ago | Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to… | |||
| CVE-2013-7050 | medium | — | 6.8 | 13y ago | The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a direc… | |||
| CVE-2013-2752 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication… | |||
| CVE-2013-1978 | medium | — | 6.8 | 13y ago | Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and po… | |||
| CVE-2013-1913 | medium | — | 6.8 | 13y ago | Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of s… | |||
| CVE-2013-5059 | medium | — | 6.8 | 13y ago | Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabiliti… | |||
| CVE-2013-6427 | medium | — | 6.8 | 13y ago | upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary co… | |||
| CVE-2013-6180 | medium | — | 6.8 | 13y ago | EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended… | |||
| CVE-2013-5355 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settin… | |||
| CVE-2013-7024 | medium | — | 6.8 | 13y ago | The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of s… | |||
| CVE-2013-7023 | medium | — | 6.8 | 13y ago | The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of… | |||
| CVE-2013-7022 | medium | — | 6.8 | 13y ago | The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array … | |||
| CVE-2013-7021 | medium | — | 6.8 | 13y ago | The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double fr… | |||
| CVE-2013-7020 | medium | — | 6.8 | 13y ago | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of servic… | |||
| CVE-2013-7019 | medium | — | 6.8 | 13y ago | The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array … | |||
| CVE-2013-7018 | medium | — | 6.8 | 13y ago | libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or … | |||
| CVE-2013-7017 | medium | — | 6.8 | 13y ago | libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. | |||
| CVE-2013-7016 | medium | — | 6.8 | 13y ago | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array a… | |||
| CVE-2013-7015 | medium | — | 6.8 | 13y ago | The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bo… | |||
| CVE-2013-7014 | medium | — | 6.8 | 13y ago | Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have … | |||
| CVE-2013-7013 | medium | — | 6.8 | 13y ago | The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bound… | |||
| CVE-2013-7012 | medium | — | 6.8 | 13y ago | The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bound… | |||
| CVE-2013-7011 | medium | — | 6.8 | 13y ago | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array ac… | |||
| CVE-2013-7010 | medium | — | 6.8 | 13y ago | Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other imp… | |||
| CVE-2013-7009 | medium | — | 6.8 | 13y ago | The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds… | |||
| CVE-2013-7008 | medium | — | 6.8 | 13y ago | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or po… | |||
| CVE-2013-1953 | medium | — | 6.8 | 13y ago | Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the hea… | |||
| CVE-2013-6386 | medium | — | 6.8 | 13y ago | Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass in… | |||
| CVE-2013-4446 | medium | — | 6.8 | 13y ago | The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support t… | |||
| CVE-2013-6635 | medium | — | 6.8 | 13y ago | Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified ot… | |||
| CVE-2013-6634 | medium | — | 6.8 | 13y ago | The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows… | |||
| CVE-2013-6004 | medium | — | 6.8 | 13y ago | Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2013-6029 | medium | — | 6.8 | 13y ago | Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file. | |||
| CVE-2013-6937 | medium | — | 6.8 | 13y ago | Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file. | |||
| CVE-2013-4524 | medium | — | 6.8 | 13y ago | Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read … | |||
| CVE-2013-5375 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors… | |||
| CVE-2013-4041 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. | |||
| CVE-2013-6860 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to … | |||
| CVE-2013-4407 | medium | — | 6.8 | 13y ago | HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, whic… | |||
| CVE-2013-5997 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in the SSH implementation on D-Link Japan DES-3800 devices with firmware before R4.50B58 allows remote authenticated users to cause a denial of service (device hang) via unk… | |||
| CVE-2013-6852 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative… | |||
| CVE-2013-6173 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Ent… | |||
| CVE-2013-5993 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refu… | |||
| CVE-2013-6826 | medium | — | 6.8 | 13y ago | cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site req… | |||
| CVE-2013-6817 | medium | — | 6.8 | 13y ago | Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. | |||
| CVE-2013-5730 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1… | |||
| CVE-2013-3095 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2013-6797 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication o… | |||
| CVE-2013-6686 | medium | — | 6.8 | 13y ago | The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bu… | |||
| CVE-2013-5556 | medium | — | 6.8 | 13y ago | The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Securi… | |||
| CVE-2013-4843 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||
| CVE-2013-3694 | medium | — | 6.8 | 13y ago | BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitr… | |||
| CVE-2013-3406 | medium | — | 6.8 | 13y ago | The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via… | |||
| CVE-2013-4555 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the … | |||
| CVE-2013-2114 | medium | — | 6.8 | 13y ago | Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an … | |||
| CVE-2013-6684 | medium | — | 6.8 | 13y ago | The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a crafte… | |||
| CVE-2013-6625 | medium | — | 6.8 | 13y ago | Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified ot… | |||
| CVE-2013-6622 | medium | — | 6.8 | 13y ago | Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers t… | |||
| CVE-2013-6357 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2013-5726 | medium | — | 6.8 | 13y ago | Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform un… | |||
| CVE-2013-4562 | medium | — | 6.8 | 13y ago | The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. | |||
| CVE-2013-6230 | medium | — | 6.8 | 13y ago | The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does no… | |||
| CVE-2013-4419 | medium | — | 6.8 | 13y ago | The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary … | |||
| CVE-2013-5559 | medium | — | 6.8 | 13y ago | Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code … | |||
| CVE-2013-6347 | medium | — | 6.8 | 13y ago | Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. | |||
| CVE-2013-6346 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified vic… | |||
| CVE-2013-5977 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for… | |||
| CVE-2013-2701 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Social Sharing Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manip… | |||
| CVE-2013-5596 | medium | — | 6.8 | 13y ago | The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for re… | |||
| CVE-2013-4478 | medium | — | 6.8 | 13y ago | Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment. | |||
| CVE-2013-4479 | medium | — | 6.8 | 13y ago | lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment. | |||
| CVE-2013-3243 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | |||
| CVE-2013-2208 | medium | — | 6.8 | 13y ago | tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file. | |||
| CVE-2013-6018 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to hijack the authentication of arbitrary users for requests that change a p… | |||
| CVE-2013-5914 | medium | — | 6.8 | 13y ago | Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet. | |||
| CVE-2013-4885 | medium | — | 6.8 | 13y ago | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in … | |||
| CVE-2013-4957 | medium | — | 6.8 | 13y ago | The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type. | |||
| CVE-2013-5424 | medium | — | 6.8 | 13y ago | IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-lev… | |||
| CVE-2013-5522 | medium | — | 6.8 | 13y ago | Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | |||
| CVE-2013-5143 | medium | — | 6.8 | 13y ago | The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sess… | |||
| CVE-2013-1734 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers… | |||
| CVE-2013-1733 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs… | |||
| CVE-2013-5170 | medium | — | 6.8 | 13y ago | Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. |