CVEs from 2013
- Total: 5,688
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2319 | medium | — | 5.8 | 13y ago | FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via … | |||
| CVE-2013-2317 | medium | — | 5.8 | 13y ago | The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the… | |||
| CVE-2013-2316 | medium | — | 5.8 | 13y ago | The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. | |||
| CVE-2013-1212 | medium | — | 5.8 | 13y ago | The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervi… | |||
| CVE-2013-1208 | medium | — | 5.8 | 13y ago | The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers t… | |||
| CVE-2013-0939 | medium | — | 5.8 | 13y ago | EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive info… | |||
| CVE-2013-0937 | medium | — | 5.8 | 13y ago | Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote… | |||
| CVE-2013-3511 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified … | |||
| CVE-2013-0127 | medium | — | 5.8 | 13y ago | IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java co… | |||
| CVE-2013-1926 | medium | — | 5.8 | 13y ago | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensi… | |||
| CVE-2013-2307 | medium | — | 5.8 | 13y ago | The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2013-2306 | medium | — | 5.8 | 13y ago | The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2013-2304 | medium | — | 5.8 | 13y ago | The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger down… | |||
| CVE-2013-0253 | medium | — | 5.8 | 13y ago | The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. | |||
| CVE-2013-2770 | medium | — | 5.8 | 13y ago | The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, whic… | |||
| CVE-2013-0794 | medium | — | 5.8 | 13y ago | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | |||
| CVE-2013-1299 | medium | — | 5.8 | 13y ago | Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message. | |||
| CVE-2013-0677 | medium | — | 5.8 | 13y ago | The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a craft… | |||
| CVE-2013-1856 | medium | — | 5.8 | 13y ago | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is us… | |||
| CVE-2013-1124 | medium | — | 5.8 | 13y ago | The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle att… | |||
| CVE-2013-0772 | medium | — | 5.8 | 14y ago | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory … | |||
| CVE-2013-0751 | medium | — | 5.8 | 14y ago | Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly co… | |||
| CVE-2013-0013 | medium | — | 5.8 | 14y ago | The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle enc… | |||
| CVE-2013-6367 | medium | — | 5.7 | 13y ago | The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash)… | |||
| CVE-2013-6799 | medium | — | 5.7 | 13y ago | Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix f… | |||
| CVE-2013-4551 | medium | — | 5.7 | 13y ago | Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of ser… | |||
| CVE-2013-5184 | medium | — | 5.7 | 13y ago | The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash)… | |||
| CVE-2013-5527 | medium | — | 5.7 | 13y ago | The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. | |||
| CVE-2013-5499 | medium | — | 5.7 | 13y ago | The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh… | |||
| CVE-2013-2212 | medium | — | 5.7 | 13y ago | The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly… | |||
| CVE-2013-1935 | medium | — | 5.7 | 13y ago | A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest O… | |||
| CVE-2013-1189 | medium | — | 5.7 | 13y ago | Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified chang… | |||
| CVE-2013-3630 | medium | — | 5.6 | 13y ago | Moodle Authenticated Spelling Binary Remote Code Execution | |||
| CVE-2013-3239 | medium | — | 5.6 | 13y ago | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename… | |||
| CVE-2013-7488 | medium | — | 5.5 | 2y ago | RHSA-2024:3049: perl-Convert-ASN1 security update (Moderate) | |||
| CVE-2013-2104 | medium | — | 5.5 | 4y ago | python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after i… | |||
| CVE-2013-7061 | medium | — | 5.5 | 4y ago | Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | |||
| CVE-2013-7461 | medium | 5.5 | 5.5 | 9y ago | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write… | |||
| CVE-2013-7460 | medium | 5.5 | 5.5 | 9y ago | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part … | |||
| CVE-2013-5653 | medium | 5.5 | 5.5 | 9y ago | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |||
| CVE-2013-4320 | medium | — | 5.5 | 12y ago | TYPO3 Improper Access Management in the File Abstraction Layer | |||
| CVE-2013-4431 | medium | — | 5.5 | 12y ago | Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the block id in an e… | |||
| CVE-2013-4471 | medium | — | 5.5 | 12y ago | The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to chang… | |||
| CVE-2013-5459 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modi… | |||
| CVE-2013-7195 | medium | — | 5.5 | 12y ago | PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication. | |||
| CVE-2013-4197 | medium | — | 5.5 | 12y ago | member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | |||
| CVE-2013-5890 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality … | |||
| CVE-2013-5897 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote authenticated users to affect … | |||
| CVE-2013-2133 | medium | — | 5.5 | 13y ago | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS S… | |||
| CVE-2013-6373 | medium | — | 5.5 | 13y ago | Jenkins Exclusion Plugin allows Access to Resource Locks | |||
| CVE-2013-5995 | medium | — | 5.5 | 13y ago | data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified … | |||
| CVE-2013-5430 | medium | — | 5.5 | 13y ago | The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access… | |||
| CVE-2013-3831 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related t… | |||
| CVE-2013-3814 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Retail Invoice Matching component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN, 12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to aff… | |||
| CVE-2013-4831 | medium | — | 5.5 | 13y ago | HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2013-5517 | medium | — | 5.5 | 13y ago | SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh… | |||
| CVE-2013-2296 | medium | — | 5.5 | 13y ago | Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authentica… | |||
| CVE-2013-1033 | medium | — | 5.5 | 13y ago | Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | |||
| CVE-2013-1968 | medium | — | 5.5 | 13y ago | Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. | |||
| CVE-2013-3784 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors T… | |||
| CVE-2013-3770 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and … | |||
| CVE-2013-3764 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-3756 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrit… | |||
| CVE-2013-4729 | medium | — | 5.5 | 13y ago | phpMyAdmin Global variables scope injection vulnerability | |||
| CVE-2013-2128 | medium | 5.5 | 5.5 | 13y ago | The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a cra… | |||
| CVE-2013-3504 | medium | — | 5.5 | 13y ago | Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to… | |||
| CVE-2013-2405 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confid… | |||
| CVE-2013-2397 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and inte… | |||
| CVE-2013-1533 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.1.0, 5.2.0, 5.3.1 through 5.3.3, and 6.0.1 through 12.0.0 allows… | |||
| CVE-2013-1520 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 allows remote authenticated users to affect confidentiality and i… | |||
| CVE-2013-0505 | medium | — | 5.5 | 13y ago | IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and re… | |||
| CVE-2013-0266 | medium | 5.5 | 5.5 | 13y ago | A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `a… | |||
| CVE-2013-0391 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors rela… | |||
| CVE-2013-0369 | medium | — | 5.5 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-6465 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | |||
| CVE-2013-5567 | medium | — | 5.4 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause … | |||
| CVE-2013-7313 | medium | — | 5.4 | 13y ago | The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets… | |||
| CVE-2013-7312 | medium | — | 5.4 | 13y ago | The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on… | |||
| CVE-2013-7311 | medium | — | 5.4 | 13y ago | The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packet… | |||
| CVE-2013-7310 | medium | — | 5.4 | 13y ago | The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA databas… | |||
| CVE-2013-7309 | medium | — | 5.4 | 13y ago | The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA … | |||
| CVE-2013-7308 | medium | — | 5.4 | 13y ago | The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before … | |||
| CVE-2013-7307 | medium | — | 5.4 | 13y ago | The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before p… | |||
| CVE-2013-7306 | medium | — | 5.4 | 13y ago | The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA databa… | |||
| CVE-2013-6981 | medium | — | 5.4 | 13y ago | Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | |||
| CVE-2013-6979 | medium | — | 5.4 | 13y ago | The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authenticat… | |||
| CVE-2013-6706 | medium | — | 5.4 | 13y ago | The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP he… | |||
| CVE-2013-6693 | medium | — | 5.4 | 13y ago | The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by … | |||
| CVE-2013-5560 | medium | — | 5.4 | 13y ago | The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to ca… | |||
| CVE-2013-5544 | medium | — | 5.4 | 13y ago | The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE re… | |||
| CVE-2013-0500 | medium | — | 5.4 | 13y ago | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authen… | |||
| CVE-2013-4356 | medium | — | 5.4 | 13y ago | Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid … | |||
| CVE-2013-4112 | medium | — | 5.4 | 13y ago | Exposure of Sensitive Information to an Unauthorized Actor in JGroup | |||
| CVE-2013-1121 | medium | — | 5.4 | 13y ago | The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via… | |||
| CVE-2013-5650 | medium | — | 5.4 | 13y ago | Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, … | |||
| CVE-2013-2895 | medium | — | 5.4 | 13y ago | drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a … | |||
| CVE-2013-3039 | medium | — | 5.4 | 13y ago | IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | |||
| CVE-2013-3038 | medium | — | 5.4 | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for remote attackers to discover credentials via unknown vectors. | |||
| CVE-2013-5132 | medium | — | 5.4 | 13y ago | Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the ac… | |||
| CVE-2013-1717 | medium | — | 5.4 | 13y ago | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access … |