CVEs from 2013
Total
5,692
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6438 | medium | — | 5.0 | 12y ago | The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote atta… | |||
| CVE-2013-2086 | medium | — | 5.0 | 12y ago | The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file. | |||
| CVE-2013-1939 | medium | — | 5.0 | 12y ago | SabreDAV Directory Traversal vulnerability | |||
| CVE-2013-4846 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2013-4496 | medium | — | 5.0 | 12y ago | Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obta… | |||
| CVE-2013-4196 | medium | — | 5.0 | 12y ago | The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote … | |||
| CVE-2013-6943 | medium | — | 5.0 | 12y ago | Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors… | |||
| CVE-2013-6940 | medium | — | 5.0 | 12y ago | Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive infor… | |||
| CVE-2013-6939 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of serv… | |||
| CVE-2013-6938 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.… | |||
| CVE-2013-4971 | medium | — | 5.0 | 12y ago | Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-3706 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update … | |||
| CVE-2013-5468 | medium | — | 5.0 | 12y ago | IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt… | |||
| CVE-2013-7332 | medium | — | 5.0 | 12y ago | The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memor… | |||
| CVE-2013-6660 | medium | — | 5.0 | 12y ago | The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathna… | |||
| CVE-2013-6656 | medium | — | 5.0 | 12y ago | The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting… | |||
| CVE-2013-6440 | medium | — | 5.0 | 13y ago | Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML | |||
| CVE-2013-3978 | medium | — | 5.0 | 13y ago | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote … | |||
| CVE-2013-2055 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templ… | |||
| CVE-2013-1904 | medium | — | 5.0 | 13y ago | Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _v… | |||
| CVE-2013-6489 | medium | — | 5.0 | 13y ago | Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an in… | |||
| CVE-2013-6482 | medium | — | 5.0 | 13y ago | Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. | |||
| CVE-2013-6481 | medium | — | 5.0 | 13y ago | libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer … | |||
| CVE-2013-6485 | medium | — | 5.0 | 13y ago | Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chu… | |||
| CVE-2013-6484 | medium | — | 5.0 | 13y ago | The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a soc… | |||
| CVE-2013-6479 | medium | — | 5.0 | 13y ago | util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a deni… | |||
| CVE-2013-6477 | medium | — | 5.0 | 13y ago | Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. | |||
| CVE-2013-2074 | medium | — | 5.0 | 13y ago | kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and pa… | |||
| CVE-2013-7301 | medium | — | 5.0 | 13y ago | Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue. | |||
| CVE-2013-7300 | medium | — | 5.0 | 13y ago | Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can b… | |||
| CVE-2013-7177 | medium | — | 5.0 | 13y ago | config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches… | |||
| CVE-2013-7176 | medium | — | 5.0 | 13y ago | config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an im… | |||
| CVE-2013-4043 | medium | — | 5.0 | 13y ago | The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP… | |||
| CVE-2013-6143 | medium | — | 5.0 | 13y ago | The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via ma… | |||
| CVE-2013-6727 | medium | — | 5.0 | 13y ago | The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspeci… | |||
| CVE-2013-6141 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. | |||
| CVE-2013-7299 | medium | — | 5.0 | 13y ago | framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator … | |||
| CVE-2013-7298 | medium | — | 5.0 | 13y ago | query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters. | |||
| CVE-2013-6467 | medium | — | 5.0 | 13y ago | Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||
| CVE-2013-6466 | medium | — | 5.0 | 13y ago | Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||
| CVE-2013-7296 | medium | — | 5.0 | 13y ago | The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial o… | |||
| CVE-2013-6030 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspe… | |||
| CVE-2013-6448 | medium | — | 5.0 | 13y ago | The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restr… | |||
| CVE-2013-6447 | medium | — | 5.0 | 13y ago | Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier… | |||
| CVE-2013-4160 | medium | — | 5.0 | 13y ago | Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) c… | |||
| CVE-2013-1769 | medium | — | 5.0 | 13y ago | A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted m… | |||
| CVE-2013-6425 | medium | — | 5.0 | 13y ago | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) v… | |||
| CVE-2013-6424 | medium | — | 5.0 | 13y ago | Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||
| CVE-2013-6642 | medium | — | 5.0 | 13y ago | Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | |||
| CVE-2013-7294 | medium | — | 5.0 | 13y ago | The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. | |||
| CVE-2013-7293 | medium | — | 5.0 | 13y ago | The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always re… | |||
| CVE-2013-5887 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment. | |||
| CVE-2013-5884 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the pre… | |||
| CVE-2013-5873 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2013-5869 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vec… | |||
| CVE-2013-5853 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2013-5910 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previou… | |||
| CVE-2013-5899 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | |||
| CVE-2013-5896 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previo… | |||
| CVE-2013-5895 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | |||
| CVE-2013-7138 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in t… | |||
| CVE-2013-4564 | medium | — | 5.0 | 13y ago | Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. | |||
| CVE-2013-6953 | medium | — | 5.0 | 13y ago | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | |||
| CVE-2013-4358 | medium | — | 5.0 | 13y ago | libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. | |||
| CVE-2013-7249 | medium | — | 5.0 | 13y ago | Fat Free CRM vulnerable to Exposure of Sensitive Information | |||
| CVE-2013-7222 | medium | — | 5.0 | 13y ago | Fat Free CRM has fixed token value | |||
| CVE-2013-7224 | medium | — | 5.0 | 13y ago | Fat Free CRM allows remote attackers to obtain sensitive information via a direct request | |||
| CVE-2013-4549 | medium | — | 5.0 | 13y ago | QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. | |||
| CVE-2013-2629 | medium | — | 5.0 | 13y ago | Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite action… | |||
| CVE-2013-6735 | medium | — | 5.0 | 13y ago | IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allow… | |||
| CVE-2013-6723 | medium | — | 5.0 | 13y ago | IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive comp… | |||
| CVE-2013-4070 | medium | — | 5.0 | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. | |||
| CVE-2013-4069 | medium | — | 5.0 | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declara… | |||
| CVE-2013-7114 | medium | — | 5.0 | 13y ago | Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote … | |||
| CVE-2013-7113 | medium | — | 5.0 | 13y ago | epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (applicatio… | |||
| CVE-2013-7112 | medium | — | 5.0 | 13y ago | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote atta… | |||
| CVE-2013-7100 | medium | — | 5.0 | 13y ago | Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones … | |||
| CVE-2013-6701 | medium | — | 5.0 | 13y ago | The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to c… | |||
| CVE-2013-6193 | medium | — | 5.0 | 13y ago | Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers al… | |||
| CVE-2013-6972 | medium | — | 5.0 | 13y ago | Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. | |||
| CVE-2013-6970 | medium | — | 5.0 | 13y ago | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. | |||
| CVE-2013-6968 | medium | — | 5.0 | 13y ago | Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a seri… | |||
| CVE-2013-6965 | medium | — | 5.0 | 13y ago | The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictio… | |||
| CVE-2013-6709 | medium | — | 5.0 | 13y ago | The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join … | |||
| CVE-2013-6411 | medium | — | 5.0 | 13y ago | The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outsi… | |||
| CVE-2013-5107 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to… | |||
| CVE-2013-1364 | medium | — | 5.0 | 13y ago | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | |||
| CVE-2013-7111 | medium | — | 5.0 | 13y ago | Exposure of Sensitive Information in bio-basespace-sdk | |||
| CVE-2013-7093 | medium | — | 5.0 | 13y ago | SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | |||
| CVE-2013-6809 | medium | — | 5.0 | 13y ago | Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remo… | |||
| CVE-2013-6048 | medium | — | 5.0 | 13y ago | The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) … | |||
| CVE-2013-5676 | medium | — | 5.0 | 13y ago | Jenkins SonarQube Plugin Stores Passwords in Cleartext | |||
| CVE-2013-6052 | medium | — | 5.0 | 13y ago | OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||
| CVE-2013-4458 | medium | — | 5.0 | 13y ago | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (cra… | |||
| CVE-2013-1447 | medium | — | 5.0 | 13y ago | OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other e… | |||
| CVE-2013-6708 | medium | — | 5.0 | 13y ago | Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. | |||
| CVE-2013-3921 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI. | |||
| CVE-2013-6002 | medium | — | 5.0 | 13y ago | The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||
| CVE-2013-6000 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. | |||
| CVE-2013-3708 | medium | — | 5.0 | 13y ago | The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. |