CVEs from 2013
- Total: 5,688
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-0652 | medium | — | 5.0 | 14y ago | GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI c… | |||
| CVE-2013-0651 | medium | — | 5.0 | 14y ago | The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote … | |||
| CVE-2013-0417 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management Sys… | |||
| CVE-2013-0396 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via u… | |||
| CVE-2013-0394 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway. | |||
| CVE-2013-0360 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via u… | |||
| CVE-2013-0835 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||
| CVE-2013-0834 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. | |||
| CVE-2013-0833 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. | |||
| CVE-2013-0759 | medium | — | 5.0 | 14y ago | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 a… | |||
| CVE-2013-0183 | medium | — | 5.0 | 14y ago | multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipar… | |||
| CVE-2013-0721 | medium | — | 5.0 | 14y ago | wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||
| CVE-2013-0284 | medium | — | 5.0 | 14y ago | newrelic_rpm Gem Discloses Sensitive Information | |||
| CVE-2013-7395 | medium | — | 4.9 | 12y ago | ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of … | |||
| CVE-2013-6308 | medium | — | 4.9 | 12y ago | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | |||
| CVE-2013-4500 | medium | — | 4.9 | 12y ago | The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the dele… | |||
| CVE-2013-6889 | medium | — | 4.9 | 12y ago | GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. | |||
| CVE-2013-4544 | medium | — | 4.9 | 12y ago | hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers o… | |||
| CVE-2013-7068 | medium | — | 4.9 | 12y ago | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | |||
| CVE-2013-3997 | medium | — | 4.9 | 12y ago | Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sit… | |||
| CVE-2013-7322 | medium | — | 4.9 | 12y ago | usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line t… | |||
| CVE-2013-2962 | medium | — | 4.9 | 13y ago | Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) vi… | |||
| CVE-2013-4739 | medium | — | 4.9 | 13y ago | The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information… | |||
| CVE-2013-4661 | medium | — | 4.9 | 13y ago | CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with t… | |||
| CVE-2013-5876 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. | |||
| CVE-2013-5833 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem. | |||
| CVE-2013-5909 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown v… | |||
| CVE-2013-7281 | medium | — | 4.9 | 13y ago | The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which al… | |||
| CVE-2013-7271 | medium | — | 4.9 | 13y ago | The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows loc… | |||
| CVE-2013-7270 | medium | — | 4.9 | 13y ago | The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which al… | |||
| CVE-2013-7269 | medium | — | 4.9 | 13y ago | The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7268 | medium | — | 4.9 | 13y ago | The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows loc… | |||
| CVE-2013-7267 | medium | — | 4.9 | 13y ago | The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7266 | medium | — | 4.9 | 13y ago | The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structur… | |||
| CVE-2013-7265 | medium | — | 4.9 | 13y ago | The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows … | |||
| CVE-2013-7264 | medium | — | 4.9 | 13y ago | The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7263 | medium | — | 4.9 | 13y ago | The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kerne… | |||
| CVE-2013-7081 | medium | — | 4.9 | 13y ago | TYPO3 Improper Access Control vulnerability | |||
| CVE-2013-4012 | medium | — | 4.9 | 13y ago | IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which a… | |||
| CVE-2013-3705 | medium | — | 4.9 | 13y ago | The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | |||
| CVE-2013-5407 | medium | — | 4.9 | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain … | |||
| CVE-2013-5426 | medium | — | 4.9 | 13y ago | Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Infor… | |||
| CVE-2013-7005 | medium | — | 4.9 | 13y ago | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware bef… | |||
| CVE-2013-4445 | medium | — | 4.9 | 13y ago | The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for … | |||
| CVE-2013-5455 | medium | — | 4.9 | 13y ago | IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a… | |||
| CVE-2013-6392 | medium | — | 4.9 | 13y ago | The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does… | |||
| CVE-2013-6861 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain s… | |||
| CVE-2013-6834 | medium | — | 4.9 | 13y ago | The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from k… | |||
| CVE-2013-6833 | medium | — | 4.9 | 13y ago | The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from … | |||
| CVE-2013-6832 | medium | — | 4.9 | 13y ago | The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtai… | |||
| CVE-2013-3887 | medium | — | 4.9 | 13y ago | The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W… | |||
| CVE-2013-4516 | medium | — | 4.9 | 13y ago | The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information … | |||
| CVE-2013-4515 | medium | — | 4.9 | 13y ago | The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information fro… | |||
| CVE-2013-4513 | medium | — | 4.9 | 13y ago | Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other imp… | |||
| CVE-2013-4439 | medium | — | 4.9 | 13y ago | Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | |||
| CVE-2013-4483 | medium | — | 4.9 | 13y ago | The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or syst… | |||
| CVE-2013-1067 | medium | — | 4.9 | 13y ago | Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. | |||
| CVE-2013-5192 | medium | — | 4.9 | 13y ago | The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | |||
| CVE-2013-5177 | medium | — | 4.9 | 13y ago | The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | |||
| CVE-2013-5176 | medium | — | 4.9 | 13y ago | The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by trigg… | |||
| CVE-2013-5174 | medium | — | 4.9 | 13y ago | Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. | |||
| CVE-2013-5166 | medium | — | 4.9 | 13y ago | The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | |||
| CVE-2013-5864 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver. | |||
| CVE-2013-5862 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-201… | |||
| CVE-2013-5807 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to… | |||
| CVE-2013-5394 | medium | — | 4.9 | 13y ago | The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-0580 | medium | — | 4.9 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the… | |||
| CVE-2013-3278 | medium | — | 4.9 | 13y ago | EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configur… | |||
| CVE-2013-5142 | medium | — | 4.9 | 13y ago | The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2… | |||
| CVE-2013-1029 | medium | — | 4.9 | 13y ago | The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. | |||
| CVE-2013-3036 | medium | — | 4.9 | 13y ago | Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR… | |||
| CVE-2013-2794 | medium | — | 4.9 | 13y ago | Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically prox… | |||
| CVE-2013-5035 | medium | — | 4.9 | 13y ago | Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other person… | |||
| CVE-2013-4220 | medium | — | 4.9 | 13y ago | The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attem… | |||
| CVE-2013-3996 | medium | — | 4.9 | 13y ago | IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | |||
| CVE-2013-3799 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2013-3765 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM. | |||
| CVE-2013-3172 | medium | — | 4.9 | 13y ago | Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows … | |||
| CVE-2013-2232 | medium | — | 4.9 | 13y ago | The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to a… | |||
| CVE-2013-3953 | medium | — | 4.9 | 13y ago | The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive inf… | |||
| CVE-2013-0990 | medium | — | 4.9 | 13y ago | SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | |||
| CVE-2013-2944 | medium | — | 4.9 | 13y ago | strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. | |||
| CVE-2013-3237 | medium | — | 4.9 | 13y ago | The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive informatio… | |||
| CVE-2013-3236 | medium | — | 4.9 | 13y ago | The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obta… | |||
| CVE-2013-3235 | medium | — | 4.9 | 13y ago | net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel s… | |||
| CVE-2013-3234 | medium | — | 4.9 | 13y ago | The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel s… | |||
| CVE-2013-3233 | medium | — | 4.9 | 13y ago | The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain… | |||
| CVE-2013-3232 | medium | — | 4.9 | 13y ago | The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel… | |||
| CVE-2013-3230 | medium | — | 4.9 | 13y ago | The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from k… | |||
| CVE-2013-3229 | medium | — | 4.9 | 13y ago | The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from ke… | |||
| CVE-2013-3228 | medium | — | 4.9 | 13y ago | The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from k… | |||
| CVE-2013-3227 | medium | — | 4.9 | 13y ago | The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information f… | |||
| CVE-2013-3226 | medium | — | 4.9 | 13y ago | The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from ke… | |||
| CVE-2013-3225 | medium | — | 4.9 | 13y ago | The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive informat… | |||
| CVE-2013-3224 | medium | — | 4.9 | 13y ago | The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive in… | |||
| CVE-2013-3223 | medium | — | 4.9 | 13y ago | The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel s… | |||
| CVE-2013-3222 | medium | — | 4.9 | 13y ago | The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel sta… | |||
| CVE-2013-3076 | medium | — | 4.9 | 13y ago | The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvms… | |||
| CVE-2013-1199 | medium | — | 4.9 | 13y ago | Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a d… | |||
| CVE-2013-2413 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via… |