CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1949 | medium | — | 5.0 | 13y ago | Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files. | |||
| CVE-2013-1214 | medium | — | 5.0 | 13y ago | The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visit… | |||
| CVE-2013-1195 | medium | — | 5.0 | 13y ago | The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range co… | |||
| CVE-2013-0584 | medium | — | 5.0 | 13y ago | The Data Replication Dashboard component in IBM InfoSphere Replication Server 9.7 and 10.x before 10.2.0.0-b113 allows remote attackers to obtain a list of all user accounts, along with information a… | |||
| CVE-2013-3210 | medium | — | 5.0 | 13y ago | Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the … | |||
| CVE-2013-1194 | medium | — | 5.0 | 13y ago | The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, whi… | |||
| CVE-2013-2438 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX. | |||
| CVE-2013-2424 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow… | |||
| CVE-2013-2417 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow… | |||
| CVE-2013-1564 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknow… | |||
| CVE-2013-1561 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via … | |||
| CVE-2013-2409 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related t… | |||
| CVE-2013-2388 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect availability via unknown vec… | |||
| CVE-2013-1570 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. | |||
| CVE-2013-1565 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2013-1559 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors … | |||
| CVE-2013-1554 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vect… | |||
| CVE-2013-1545 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors relat… | |||
| CVE-2013-1538 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2013-1535 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect c… | |||
| CVE-2013-1519 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2013-1510 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, … | |||
| CVE-2013-1509 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vecto… | |||
| CVE-2013-0408 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers. | |||
| CVE-2013-2835 | medium | — | 5.0 | 13y ago | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechan… | |||
| CVE-2013-2834 | medium | — | 5.0 | 13y ago | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechan… | |||
| CVE-2013-2832 | medium | — | 5.0 | 13y ago | The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote at… | |||
| CVE-2013-2303 | medium | — | 5.0 | 13y ago | Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. | |||
| CVE-2013-1193 | medium | — | 5.0 | 13y ago | The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote atta… | |||
| CVE-2013-1187 | medium | — | 5.0 | 13y ago | The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service c… | |||
| CVE-2013-0315 | medium | — | 5.0 | 13y ago | The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entit… | |||
| CVE-2013-0282 | medium | — | 5.0 | 13y ago | OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, whi… | |||
| CVE-2013-2716 | medium | — | 5.0 | 13y ago | Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows rem… | |||
| CVE-2013-1282 | medium | — | 5.0 | 13y ago | The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attacker… | |||
| CVE-2013-1821 | medium | — | 5.0 | 13y ago | Ruby vulnerable to denial of service | |||
| CVE-2013-0681 | medium | — | 5.0 | 13y ago | Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial… | |||
| CVE-2013-1174 | medium | — | 5.0 | 13y ago | Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted Collaboration Solution allows remote attackers to cause a denial of service (temporary service han… | |||
| CVE-2013-0483 | medium | — | 5.0 | 13y ago | The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 uses cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2013-0128 | medium | — | 5.0 | 13y ago | The Contact Customer Support feature in the TigerText Free Private Texting app before 3.1.402 for iOS sends a log-file e-mail message with unencrypted credentials, which allows remote attackers to ob… | |||
| CVE-2013-2763 | medium | — | 5.0 | 13y ago | The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it… | |||
| CVE-2013-0791 | medium | — | 5.0 | 13y ago | The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x… | |||
| CVE-2013-1665 | medium | — | 5.0 | 13y ago | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via a… | |||
| CVE-2013-1664 | medium | — | 5.0 | 13y ago | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other pro… | |||
| CVE-2013-2744 | medium | — | 5.0 | 13y ago | importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function. | |||
| CVE-2013-2686 | medium | — | 5.0 | 13y ago | main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.… | |||
| CVE-2013-2264 | medium | — | 5.0 | 13y ago | The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x … | |||
| CVE-2013-1747 | medium | — | 5.0 | 13y ago | channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. | |||
| CVE-2013-0923 | medium | — | 5.0 | 13y ago | The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2013-0917 | medium | — | 5.0 | 13y ago | The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2013-0316 | medium | — | 5.0 | 13y ago | The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. | |||
| CVE-2013-0257 | medium | — | 5.0 | 13y ago | The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. | |||
| CVE-2013-0182 | medium | — | 5.0 | 13y ago | The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. | |||
| CVE-2013-2300 | medium | — | 5.0 | 13y ago | The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an applicatio… | |||
| CVE-2013-0720 | medium | — | 5.0 | 13y ago | The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesyst… | |||
| CVE-2013-0719 | medium | — | 5.0 | 13y ago | The ArtIME Japanese Input application 1.1.2 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesse… | |||
| CVE-2013-0718 | medium | — | 5.0 | 13y ago | The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local fil… | |||
| CVE-2013-1162 | medium | — | 5.0 | 13y ago | The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000. | |||
| CVE-2013-1831 | medium | — | 5.0 | 13y ago | Moodle reveals absolute path in exception message | |||
| CVE-2013-1830 | medium | — | 5.0 | 13y ago | Moodle does not enforce the forceloginforprofiles setting | |||
| CVE-2013-2640 | medium | — | 5.0 | 13y ago | ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct… | |||
| CVE-2013-0731 | medium | — | 5.0 | 13y ago | ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct… | |||
| CVE-2013-2633 | medium | — | 5.0 | 13y ago | Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests | |||
| CVE-2013-0716 | medium | — | 5.0 | 13y ago | The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. | |||
| CVE-2013-1654 | medium | — | 5.0 | 13y ago | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to c… | |||
| CVE-2013-2263 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | |||
| CVE-2013-1854 | medium | — | 5.0 | 13y ago | The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attack… | |||
| CVE-2013-2371 | medium | — | 5.0 | 13y ago | The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via a… | |||
| CVE-2013-1795 | medium | — | 5.0 | 13y ago | Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. | |||
| CVE-2013-1814 | medium | — | 5.0 | 13y ago | Apache Rave information disclosure vulnerability | |||
| CVE-2013-1469 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter. | |||
| CVE-2013-0312 | medium | — | 5.0 | 13y ago | 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. | |||
| CVE-2013-0095 | medium | — | 5.0 | 13y ago | Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTM… | |||
| CVE-2013-0086 | medium | — | 5.0 | 13y ago | Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Siz… | |||
| CVE-2013-0239 | medium | — | 5.0 | 13y ago | Improper Authentication in Apache CXF | |||
| CVE-2013-0252 | medium | — | 5.0 | 13y ago | boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input vali… | |||
| CVE-2013-2293 | medium | — | 5.0 | 13y ago | The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attacker… | |||
| CVE-2013-2273 | medium | — | 5.0 | 13y ago | bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 make it easier for remote attackers to obtain … | |||
| CVE-2013-2272 | medium | — | 5.0 | 13y ago | The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5r… | |||
| CVE-2013-1154 | medium | — | 5.0 | 13y ago | The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 a… | |||
| CVE-2013-2488 | medium | — | 5.0 | 13y ago | The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a… | |||
| CVE-2013-1643 | medium | — | 5.0 | 13y ago | The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an … | |||
| CVE-2013-0909 | medium | — | 5.0 | 13y ago | The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors. | |||
| CVE-2013-0198 | medium | — | 5.0 | 13y ago | Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplificati… | |||
| CVE-2013-1415 | medium | — | 5.0 | 13y ago | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1… | |||
| CVE-2013-1138 | medium | — | 5.0 | 14y ago | The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46… | |||
| CVE-2013-0247 | medium | — | 5.0 | 14y ago | OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid … | |||
| CVE-2013-0220 | medium | — | 5.0 | 14y ago | The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in S… | |||
| CVE-2013-0786 | medium | — | 5.0 | 14y ago | The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whet… | |||
| CVE-2013-0118 | medium | — | 5.0 | 14y ago | CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setti… | |||
| CVE-2013-0899 | medium | — | 5.0 | 14y ago | Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and… | |||
| CVE-2013-0888 | medium | — | 5.0 | 14y ago | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors rel… | |||
| CVE-2013-0883 | medium | — | 5.0 | 14y ago | Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspe… | |||
| CVE-2013-0881 | medium | — | 5.0 | 14y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Ma… | |||
| CVE-2013-1485 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Librarie… | |||
| CVE-2013-1129 | medium | — | 5.0 | 14y ago | Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736. | |||
| CVE-2013-0273 | medium | — | 5.0 | 14y ago | sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash)… | |||
| CVE-2013-0271 | medium | — | 5.0 | 14y ago | The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. | |||
| CVE-2013-0705 | medium | — | 5.0 | 14y ago | Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-1122 | medium | — | 5.0 | 14y ago | Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted … | |||
| CVE-2013-1455 | medium | — | 5.0 | 14y ago | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." |