CVEs from 2013
- Total: 5,695
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1629 | medium | — | 6.8 | 13y ago | pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code v… | |||
| CVE-2013-1610 | medium | — | 6.8 | 13y ago | Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Tr… | |||
| CVE-2013-3451 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests tha… | |||
| CVE-2013-3450 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users… | |||
| CVE-2013-4911 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging imprope… | |||
| CVE-2013-4156 | medium | — | 6.8 | 13y ago | Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document fi… | |||
| CVE-2013-2189 | medium | — | 6.8 | 13y ago | Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file. | |||
| CVE-2013-2174 | medium | — | 6.8 | 13y ago | Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possib… | |||
| CVE-2013-4949 | medium | — | 6.8 | 13y ago | Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in t… | |||
| CVE-2013-4871 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims … | |||
| CVE-2013-3665 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file. | |||
| CVE-2013-3420 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CS… | |||
| CVE-2013-3434 | medium | — | 6.8 | 13y ago | Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environme… | |||
| CVE-2013-3433 | medium | — | 6.8 | 13y ago | Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environme… | |||
| CVE-2013-3403 | medium | — | 6.8 | 13y ago | Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and… | |||
| CVE-2013-3781 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vecto… | |||
| CVE-2013-3776 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vecto… | |||
| CVE-2013-3491 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add o… | |||
| CVE-2013-4113 | medium | — | 6.8 | 13y ago | ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other imp… | |||
| CVE-2013-3424 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, a… | |||
| CVE-2013-2704 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert… | |||
| CVE-2013-3418 | medium | — | 6.8 | 13y ago | Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and p… | |||
| CVE-2013-3408 | medium | — | 6.8 | 13y ago | The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, a… | |||
| CVE-2013-3400 | medium | — | 6.8 | 13y ago | The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | |||
| CVE-2013-1954 | medium | — | 6.8 | 13y ago | The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted… | |||
| CVE-2013-2853 | medium | — | 6.8 | 13y ago | The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-mid… | |||
| CVE-2013-2053 | medium | — | 6.8 | 13y ago | Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE… | |||
| CVE-2013-3395 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Ap… | |||
| CVE-2013-2158 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via un… | |||
| CVE-2013-3397 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrar… | |||
| CVE-2013-3250 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that … | |||
| CVE-2013-3647 | medium | — | 6.8 | 13y ago | The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that place… | |||
| CVE-2013-3646 | medium | — | 6.8 | 13y ago | The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.… | |||
| CVE-2013-2980 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access … | |||
| CVE-2013-2066 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttribu… | |||
| CVE-2013-2005 | medium | — | 6.8 | 13y ago | X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors r… | |||
| CVE-2013-2004 | medium | — | 6.8 | 13y ago | The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allow… | |||
| CVE-2013-2003 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate functio… | |||
| CVE-2013-2002 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigu… | |||
| CVE-2013-2001 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGe… | |||
| CVE-2013-2000 | medium | — | 6.8 | 13y ago | Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1)… | |||
| CVE-2013-1999 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo fu… | |||
| CVE-2013-1998 | medium | — | 6.8 | 13y ago | Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetD… | |||
| CVE-2013-1997 | medium | — | 6.8 | 13y ago | Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values … | |||
| CVE-2013-1996 | medium | — | 6.8 | 13y ago | X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function. | |||
| CVE-2013-1995 | medium | — | 6.8 | 13y ago | X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. | |||
| CVE-2013-2064 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | |||
| CVE-2013-2063 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. | |||
| CVE-2013-2062 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGe… | |||
| CVE-2013-1994 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors r… | |||
| CVE-2013-1993 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConne… | |||
| CVE-2013-1992 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, … | |||
| CVE-2013-1991 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and … | |||
| CVE-2013-1990 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes an… | |||
| CVE-2013-1989 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2… | |||
| CVE-2013-1988 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2… | |||
| CVE-2013-1987 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters,… | |||
| CVE-2013-1986 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputPropert… | |||
| CVE-2013-1985 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. | |||
| CVE-2013-1984 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XG… | |||
| CVE-2013-1983 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. | |||
| CVE-2013-1982 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormap… | |||
| CVE-2013-1981 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFon… | |||
| CVE-2013-0144 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for r… | |||
| CVE-2013-1024 | medium | — | 6.8 | 13y ago | CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial … | |||
| CVE-2013-1023 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… | |||
| CVE-2013-1009 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… | |||
| CVE-2013-0983 | medium | — | 6.8 | 13y ago | Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text … | |||
| CVE-2013-0975 | medium | — | 6.8 | 13y ago | Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||
| CVE-2013-2067 | medium | — | 6.8 | 13y ago | Improper Authentication in Apache Tomcat | |||
| CVE-2013-1246 | medium | — | 6.8 | 13y ago | Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by … | |||
| CVE-2013-2989 | medium | — | 6.8 | 13y ago | The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read p… | |||
| CVE-2013-2847 | medium | — | 6.8 | 13y ago | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecif… | |||
| CVE-2013-3270 | medium | — | 6.8 | 13y ago | EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leve… | |||
| CVE-2013-1011 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0998 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0997 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0996 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0995 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0994 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0993 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0992 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0991 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-1200 | medium | — | 6.8 | 13y ago | Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. | |||
| CVE-2013-0096 | medium | — | 6.8 | 13y ago | Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Ha… | |||
| CVE-2013-2977 | medium | — | 6.8 | 13y ago | Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to ex… | |||
| CVE-2013-2707 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify… | |||
| CVE-2013-3513 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for … | |||
| CVE-2013-2703 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modi… | |||
| CVE-2013-2702 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that mod… | |||
| CVE-2013-1927 | medium | — | 6.8 | 13y ago | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." | |||
| CVE-2013-1196 | medium | — | 6.8 | 13y ago | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System,… | |||
| CVE-2013-2709 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that in… | |||
| CVE-2013-2696 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that… | |||
| CVE-2013-1215 | medium | — | 6.8 | 13y ago | The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. | |||
| CVE-2013-3269 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mob… | |||
| CVE-2013-2305 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the a… | |||
| CVE-2013-1217 | medium | — | 6.8 | 13y ago | The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNM… | |||
| CVE-2013-1088 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request valida… | |||
| CVE-2013-0543 | medium | — | 6.8 | 13y ago | IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not pr… |