CVEs from 2013

5,692 normalized CVEs published or assigned in this year.

Total: 5,692
  • critical: 917
  • high: 949
  • medium: 3,166
  • low: 557
% Critical: 16.1%
% with KEV: 0.7%
% with exploit: 11.6%

Top vendors

Top products

  • chrome 11,665
  • ffmpeg 3,379
  • seamonkey 2,231
  • acrobat_reader 1,911
  • acrobat 1,909
  • itunes 1,678
  • firefox 1,634
  • moodle 1,560
CVE | Severity | CVSS | Published | Description
CVE-2013-5905 | medium | 5.1 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different v…
CVE-2013-5902 | medium | 5.1 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera…
CVE-2013-4550 | medium | 5.1 | 13y ago | Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote …
CVE-2013-7039 | medium | 5.1 | 13y ago | Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a d…
CVE-2013-6385 | medium | 5.1 | 13y ago | The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…
CVE-2013-4689 | medium | 5.1 | 13y ago | J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 …
CVE-2013-2054 | medium | 5.1 | 13y ago | Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (p…
CVE-2013-2052 | medium | 5.1 | 13y ago | Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE …
CVE-2013-1862 | medium | 5.1 | 13y ago | mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…
CVE-2013-1912 | medium | 5.1 | 13y ago | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends …
CVE-2013-0130 | medium | 5.1 | 13y ago | Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remote FTP servers to execute arbitrary code or cause a denial of service (application crash) via a long directory name in a (1) DELE…
CVE-2013-0320 | medium | 5.1 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack th…
CVE-2013-0472 | medium | 5.1 | 14y ago | The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain…
CVE-2013-0263 | medium | 5.1 | 14y ago | Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privile…
CVE-2013-0214 | medium | 5.1 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the…
CVE-2013-0213 | medium | 5.1 | 14y ago | The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME el…
CVE-2013-0974 | medium | 5.1 | 14y ago | StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access re…
CVE-2013-4294 | medium | 5.0 | 4y ago | The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which a…
CVE-2013-1443 | medium | 5.0 | 4y ago | The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption)…
CVE-2013-6419 | medium | 5.0 | 4y ago | Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive…
CVE-2013-2014 | medium | 5.0 | 4y ago | OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
CVE-2013-7444 | medium | 5.0 | 11y ago | The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVE-2013-7443 | medium | 5.0 | 11y ago | Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.
CVE-2013-7437 | medium | 5.0 | 11y ago | Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.
CVE-2013-7423 | medium | 5.0 | 11y ago | The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended l…
CVE-2013-7252 | medium | 5.0 | 12y ago | kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a co…
CVE-2013-5958 | medium | 5.0 | 12y ago | The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a lon…
CVE-2013-7401 | medium | 5.0 | 12y ago | The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by us…
CVE-2013-4442 | medium | 5.0 | 12y ago | Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.
CVE-2013-4440 | medium | 5.0 | 12y ago | Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.
CVE-2013-7402 | medium | 5.0 | 12y ago | Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.
CVE-2013-3737 | medium | 5.0 | 12y ago | The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication …
CVE-2013-0336 | medium | 5.0 | 12y ago | The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (cr…
CVE-2013-7329 | medium | 5.0 | 12y ago | The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via ve…
CVE-2013-6496 | medium | 5.0 | 12y ago | Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
CVE-2013-2599 | medium | 5.0 | 12y ago | A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.…
CVE-2013-0334 | medium | 5.0 | 12y ago | Bundler may install gems from a different source than expected
CVE-2013-5757 | medium | 5.0 | 12y ago | Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parame…
CVE-2013-5756 | medium | 5.0 | 12y ago | Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
CVE-2013-7391 | medium | 5.0 | 12y ago | The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) …
CVE-2013-5423 | medium | 5.0 | 12y ago | IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors.
CVE-2013-1068 | medium | 5.0 | 12y ago | The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.…
CVE-2013-2163 | medium | 5.0 | 12y ago | Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.
CVE-2013-5760 | medium | 5.0 | 12y ago | QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
CVE-2013-2564 | medium | 5.0 | 12y ago | Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
CVE-2013-4728 | medium | 5.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter…
CVE-2013-4725 | medium | 5.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easi…
CVE-2013-4724 | medium | 5.0 | 12y ago | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which make…
CVE-2013-0250 | medium | 5.0 | 12y ago | The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted…
CVE-2013-0302 | medium | 5.0 | 12y ago | Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE…
CVE-2013-1941 | medium | 5.0 | 12y ago | The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which mak…
CVE-2013-0191 | medium | 5.0 | 12y ago | libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
CVE-2013-7386 | medium | 5.0 | 12y ago | Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly ex…
CVE-2013-6470 | medium | 5.0 | 12y ago | The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid…
CVE-2013-1818 | medium | 5.0 | 12y ago | maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-5919 | medium | 5.0 | 12y ago | Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
CVE-2013-4178 | medium | 5.0 | 12y ago | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password …
CVE-2013-4177 | medium | 5.0 | 12y ago | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-…
CVE-2013-0199 | medium | 5.0 | 12y ago | The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
CVE-2013-4598 | medium | 5.0 | 12y ago | The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vecto…
CVE-2013-2125 | medium | 5.0 | 12y ago | OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
CVE-2013-2111 | medium | 5.0 | 12y ago | The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.
CVE-2013-1883 | medium | 5.0 | 12y ago | Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" …
CVE-2013-3981 | medium | 5.0 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.
CVE-2013-3980 | medium | 5.0 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users…
CVE-2013-4223 | medium | 5.0 | 12y ago | The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
CVE-2013-2758 | medium | 5.0 | 12y ago | Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers…
CVE-2013-2756 | medium | 5.0 | 12y ago | Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging …
CVE-2013-7384 | medium | 5.0 | 12y ago | UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from C…
CVE-2013-6805 | medium | 5.0 | 12y ago | OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover cred…
CVE-2013-6413 | medium | 5.0 | 12y ago | Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due t…
CVE-2013-4406 | medium | 5.0 | 12y ago | The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitiv…
CVE-2013-4501 | medium | 5.0 | 12y ago | The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors.
CVE-2013-6472 | medium | 5.0 | 12y ago | MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user w…
CVE-2013-4570 | medium | 5.0 | 12y ago | The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of…
CVE-2013-0174 | medium | 5.0 | 12y ago | The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
CVE-2013-0173 | medium | 5.0 | 12y ago | Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.
CVE-2013-7060 | medium | 5.0 | 12y ago | Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initial…
CVE-2013-6445 | medium | 5.0 | 12y ago | Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via…
CVE-2013-7372 | medium | 5.0 | 12y ago | The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache …
CVE-2013-7063 | medium | 5.0 | 12y ago | The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views.
CVE-2013-6053 | medium | 5.0 | 12y ago | OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
CVE-2013-6371 | medium | 5.0 | 12y ago | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
CVE-2013-6370 | medium | 5.0 | 12y ago | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2013-4279 | medium | 5.0 | 12y ago | imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.
CVE-2013-4768 | medium | 5.0 | 12y ago | The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC),…
CVE-2013-5705 | medium | 5.0 | 12y ago | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
CVE-2013-5704 | medium | 5.0 | 12y ago | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…
CVE-2013-7366 | medium | 5.0 | 12y ago | The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications.
CVE-2013-7361 | medium | 5.0 | 12y ago | Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
CVE-2013-7359 | medium | 5.0 | 12y ago | Unspecified vulnerability in SAP Mobile Infrastructure allows remote attackers to obtain sensitive port information via unknown vectors, related to an "internal port scanning" issue.
CVE-2013-7358 | medium | 5.0 | 12y ago | Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors.
CVE-2013-7357 | medium | 5.0 | 12y ago | Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.
CVE-2013-7356 | medium | 5.0 | 12y ago | Unspecified vulnerability in the SAP CCMS / Database Monitors for Oracle allows attackers to obtain the database password via unknown vectors.
CVE-2013-6768 | medium | 5.0 | 12y ago | Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process …
CVE-2013-5445 | medium | 5.0 | 12y ago | IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static dec…
CVE-2013-5444 | medium | 5.0 | 12y ago | The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors.
CVE-2013-7345 | medium | 5.0 | 12y ago | The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to ca…
CVE-2013-5401 | medium | 5.0 | 12y ago | The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors.
CVE-2013-6401 | medium | 5.0 | 12y ago | Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a …