CVEs from 2013

- Total: 5,692
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%

Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2818 | medium | — | 4.7 | 13y ago | The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over … | |||
| CVE-2013-6885 | medium | — | 4.7 | 13y ago | The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of… | |||
| CVE-2013-6380 | medium | — | 4.7 | 13y ago | The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of serv… | |||
| CVE-2013-2823 | medium | — | 4.7 | 13y ago | The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent… | |||
| CVE-2013-5193 | medium | — | 4.7 | 13y ago | The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App pu… | |||
| CVE-2013-4514 | medium | — | 4.7 | 13y ago | Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveragin… | |||
| CVE-2013-4512 | medium | — | 4.7 | 13y ago | Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other imp… | |||
| CVE-2013-2239 | medium | — | 4.7 | 13y ago | vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel … | |||
| CVE-2013-2058 | medium | — | 4.7 | 13y ago | The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service… | |||
| CVE-2013-5666 | medium | — | 4.7 | 13y ago | The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive info… | |||
| CVE-2013-5147 | low | — | 4.7 | 13y ago | Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition invo… | |||
| CVE-2013-5138 | medium | — | 4.7 | 13y ago | IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | |||
| CVE-2013-2899 | medium | — | 4.7 | 13y ago | drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a den… | |||
| CVE-2013-2897 | medium | — | 4.7 | 13y ago | Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically pro… | |||
| CVE-2013-2896 | medium | — | 4.7 | 13y ago | drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of se… | |||
| CVE-2013-2894 | medium | — | 4.7 | 13y ago | drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause … | |||
| CVE-2013-2893 | medium | — | 4.7 | 13y ago | The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to … | |||
| CVE-2013-2892 | medium | — | 4.7 | 13y ago | drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of… | |||
| CVE-2013-2891 | medium | — | 4.7 | 13y ago | drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a … | |||
| CVE-2013-2890 | medium | — | 4.7 | 13y ago | drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of serv… | |||
| CVE-2013-2889 | medium | — | 4.7 | 13y ago | drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of … | |||
| CVE-2013-3495 | medium | — | 4.7 | 13y ago | The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device… | |||
| CVE-2013-4205 | medium | — | 4.7 | 13y ago | Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUS… | |||
| CVE-2013-2078 | medium | — | 4.7 | 13y ago | Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. | |||
| CVE-2013-2798 | medium | — | 4.7 | 13y ago | Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over… | |||
| CVE-2013-4163 | medium | — | 4.7 | 13y ago | The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt op… | |||
| CVE-2013-4162 | medium | — | 4.7 | 13y ago | The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to … | |||
| CVE-2013-4129 | medium | — | 4.7 | 13y ago | The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to ca… | |||
| CVE-2013-4127 | medium | — | 4.7 | 13y ago | Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) vi… | |||
| CVE-2013-3797 | medium | — | 4.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS. | |||
| CVE-2013-2188 | medium | — | 4.7 | 13y ago | A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain wri… | |||
| CVE-2013-1613 | medium | — | 4.7 | 13y ago | SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users t… | |||
| CVE-2013-2146 | medium | — | 4.7 | 13y ago | arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial o… | |||
| CVE-2013-1919 | medium | — | 4.7 | 13y ago | Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs … | |||
| CVE-2013-1918 | medium | — | 4.7 | 13y ago | Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table tra… | |||
| CVE-2013-3497 | medium | — | 4.7 | 13y ago | Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attack… | |||
| CVE-2013-1959 | low | — | 4.7 | 13y ago | kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a … | |||
| CVE-2013-2015 | medium | — | 4.7 | 13y ago | The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers … | |||
| CVE-2013-1928 | medium | — | 4.7 | 13y ago | The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive… | |||
| CVE-2013-1957 | medium | — | 4.7 | 13y ago | The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only propert… | |||
| CVE-2013-3231 | medium | — | 4.7 | 13y ago | The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel … | |||
| CVE-2013-1494 | medium | — | 4.7 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2013-1792 | medium | — | 4.7 | 13y ago | Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and sys… | |||
| CVE-2013-0309 | medium | — | 4.7 | 14y ago | arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial o… | |||
| CVE-2013-0153 | medium | — | 4.7 | 14y ago | The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to … | |||
| CVE-2013-0152 | medium | — | 4.7 | 14y ago | Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not prope… | |||
| CVE-2013-6501 | medium | — | 4.6 | 11y ago | The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL … | |||
| CVE-2013-2027 | medium | — | 4.6 | 12y ago | Jython Improper Access Restrictions vulnerability | |||
| CVE-2013-6306 | medium | — | 4.6 | 12y ago | Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges … | |||
| CVE-2013-0204 | medium | — | 4.6 | 12y ago | settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | |||
| CVE-2013-6975 | medium | — | 4.6 | 12y ago | Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | |||
| CVE-2013-7374 | medium | — | 4.6 | 12y ago | The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypa… | |||
| CVE-2013-7221 | medium | — | 4.6 | 12y ago | The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute ar… | |||
| CVE-2013-7220 | medium | — | 4.6 | 12y ago | js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus o… | |||
| CVE-2013-7348 | medium | — | 4.6 | 12y ago | Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other i… | |||
| CVE-2013-2089 | medium | — | 4.6 | 12y ago | Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the … | |||
| CVE-2013-6412 | medium | — | 4.6 | 13y ago | The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be… | |||
| CVE-2013-5888 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2013-5821 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. | |||
| CVE-2013-5010 | medium | — | 4.6 | 13y ago | The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x … | |||
| CVE-2013-7042 | medium | — | 4.6 | 13y ago | SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2013-6432 | medium | — | 4.6 | 13y ago | The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service… | |||
| CVE-2013-4465 | medium | — | 4.6 | 13y ago | Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file… | |||
| CVE-2013-5550 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operatio… | |||
| CVE-2013-4370 | medium | — | 4.6 | 13y ago | The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corr… | |||
| CVE-2013-5008 | medium | — | 4.6 | 13y ago | The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across d… | |||
| CVE-2013-4256 | medium | — | 4.6 | 13y ago | Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display … | |||
| CVE-2013-4326 | medium | — | 4.6 | 13y ago | RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Po… | |||
| CVE-2013-4324 | medium | — | 4.6 | 13y ago | spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by l… | |||
| CVE-2013-4311 | medium | — | 4.6 | 13y ago | libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race c… | |||
| CVE-2013-1066 | medium | — | 4.6 | 13y ago | language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass inte… | |||
| CVE-2013-1065 | medium | — | 4.6 | 13y ago | backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a Po… | |||
| CVE-2013-1064 | medium | — | 4.6 | 13y ago | apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restr… | |||
| CVE-2013-1063 | medium | — | 4.6 | 13y ago | usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass i… | |||
| CVE-2013-1062 | medium | — | 4.6 | 13y ago | ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass in… | |||
| CVE-2013-1061 | medium | — | 4.6 | 13y ago | dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authorit… | |||
| CVE-2013-3467 | medium | — | 4.6 | 13y ago | Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of serv… | |||
| CVE-2013-4033 | medium | — | 4.6 | 13y ago | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | |||
| CVE-2013-3464 | medium | — | 4.6 | 13y ago | Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo … | |||
| CVE-2013-0943 | medium | — | 4.6 | 13y ago | EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. | |||
| CVE-2013-3028 | medium | — | 4.6 | 13y ago | Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via u… | |||
| CVE-2013-2339 | medium | — | 4.6 | 13y ago | HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Th… | |||
| CVE-2013-3927 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging re… | |||
| CVE-2013-3951 | medium | — | 4.6 | 13y ago | sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users… | |||
| CVE-2013-2119 | medium | — | 4.6 | 13y ago | Phusion Passenger Denial of Service | |||
| CVE-2013-1136 | medium | — | 4.6 | 13y ago | The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor c… | |||
| CVE-2013-1240 | medium | — | 4.6 | 13y ago | The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue2… | |||
| CVE-2013-2418 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity… | |||
| CVE-2013-1523 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors relate… | |||
| CVE-2013-0977 | medium | — | 4.6 | 13y ago | dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requi… | |||
| CVE-2013-0151 | medium | — | 4.6 | 13y ago | The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause … | |||
| CVE-2013-1819 | medium | — | 4.6 | 13y ago | The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and sy… | |||
| CVE-2013-1048 | medium | — | 4.6 | 13y ago | The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not proper… | |||
| CVE-2013-0407 | medium | — | 4.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. | |||
| CVE-2013-3728 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat para… | |||
| CVE-2013-6232 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page. | |||
| CVE-2013-0177 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all… | |||
| CVE-2013-7274 | low | — | 4.5 | 13y ago | Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. | |||
| CVE-2013-7194 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1… | |||
| CVE-2013-7025 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before… |