CVEs from 2013
Total
5,731
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.0%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3418 | medium | — | 6.8 | 13y ago | Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and p… | |||
| CVE-2013-3408 | medium | — | 6.8 | 13y ago | The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, a… | |||
| CVE-2013-3400 | medium | — | 6.8 | 13y ago | The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | |||
| CVE-2013-1954 | medium | — | 6.8 | 13y ago | The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted… | |||
| CVE-2013-2853 | medium | — | 6.8 | 13y ago | The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-mid… | |||
| CVE-2013-2053 | medium | — | 6.8 | 13y ago | Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE… | |||
| CVE-2013-3395 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Ap… | |||
| CVE-2013-2158 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via un… | |||
| CVE-2013-4660 | medium | — | 6.8 | 13y ago | Deserialization Code Execution in js-yaml | |||
| CVE-2013-3397 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrar… | |||
| CVE-2013-3250 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that … | |||
| CVE-2013-3647 | medium | — | 6.8 | 13y ago | The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that place… | |||
| CVE-2013-3646 | medium | — | 6.8 | 13y ago | The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.… | |||
| CVE-2013-2980 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to hijack the authentication of arbitrary users for requests that access … | |||
| CVE-2013-2066 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttribu… | |||
| CVE-2013-2005 | medium | — | 6.8 | 13y ago | X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors r… | |||
| CVE-2013-2004 | medium | — | 6.8 | 13y ago | The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allow… | |||
| CVE-2013-2003 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate functio… | |||
| CVE-2013-2002 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigu… | |||
| CVE-2013-2001 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGe… | |||
| CVE-2013-2000 | medium | — | 6.8 | 13y ago | Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1)… | |||
| CVE-2013-1999 | medium | — | 6.8 | 13y ago | Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo fu… | |||
| CVE-2013-1998 | medium | — | 6.8 | 13y ago | Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetD… | |||
| CVE-2013-1997 | medium | — | 6.8 | 13y ago | Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values … | |||
| CVE-2013-1996 | medium | — | 6.8 | 13y ago | X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function. | |||
| CVE-2013-1995 | medium | — | 6.8 | 13y ago | X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. | |||
| CVE-2013-2064 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | |||
| CVE-2013-2063 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. | |||
| CVE-2013-2062 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGe… | |||
| CVE-2013-1994 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors r… | |||
| CVE-2013-1993 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConne… | |||
| CVE-2013-1992 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, … | |||
| CVE-2013-1991 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and … | |||
| CVE-2013-1990 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes an… | |||
| CVE-2013-1989 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2… | |||
| CVE-2013-1988 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2… | |||
| CVE-2013-1987 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters,… | |||
| CVE-2013-1986 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputPropert… | |||
| CVE-2013-1985 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. | |||
| CVE-2013-1984 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XG… | |||
| CVE-2013-1983 | medium | — | 6.8 | 13y ago | Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. | |||
| CVE-2013-1982 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormap… | |||
| CVE-2013-1981 | medium | — | 6.8 | 13y ago | Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFon… | |||
| CVE-2013-0144 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for r… | |||
| CVE-2013-1024 | medium | — | 6.8 | 13y ago | CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial … | |||
| CVE-2013-1023 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… | |||
| CVE-2013-1009 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ… | |||
| CVE-2013-0983 | medium | — | 6.8 | 13y ago | Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text … | |||
| CVE-2013-0975 | medium | — | 6.8 | 13y ago | Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||
| CVE-2013-2067 | medium | — | 6.8 | 13y ago | Improper Authentication in Apache Tomcat | |||
| CVE-2013-1246 | medium | — | 6.8 | 13y ago | Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by … | |||
| CVE-2013-2989 | medium | — | 6.8 | 13y ago | The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read p… | |||
| CVE-2013-2847 | medium | — | 6.8 | 13y ago | Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecif… | |||
| CVE-2013-3270 | medium | — | 6.8 | 13y ago | EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leve… | |||
| CVE-2013-1011 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0998 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0997 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0996 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0995 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0994 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0993 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0992 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-0991 | medium | — | 6.8 | 13y ago | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related … | |||
| CVE-2013-1200 | medium | — | 6.8 | 13y ago | Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. | |||
| CVE-2013-0096 | medium | — | 6.8 | 13y ago | Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Ha… | |||
| CVE-2013-2977 | medium | — | 6.8 | 13y ago | Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to ex… | |||
| CVE-2013-2707 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify… | |||
| CVE-2013-3513 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for … | |||
| CVE-2013-2703 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modi… | |||
| CVE-2013-2702 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that mod… | |||
| CVE-2013-1927 | medium | — | 6.8 | 13y ago | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." | |||
| CVE-2013-1196 | medium | — | 6.8 | 13y ago | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System,… | |||
| CVE-2013-2709 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that in… | |||
| CVE-2013-2696 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that… | |||
| CVE-2013-1215 | medium | — | 6.8 | 13y ago | The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. | |||
| CVE-2013-3269 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mob… | |||
| CVE-2013-2305 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the a… | |||
| CVE-2013-1217 | medium | — | 6.8 | 13y ago | The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNM… | |||
| CVE-2013-1088 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request valida… | |||
| CVE-2013-0543 | medium | — | 6.8 | 13y ago | IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not pr… | |||
| CVE-2013-2697 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that in… | |||
| CVE-2013-0132 | medium | — | 6.8 | 13y ago | The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing cr… | |||
| CVE-2013-2395 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerabil… | |||
| CVE-2013-2760 | medium | — | 6.8 | 13y ago | Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file. | |||
| CVE-2013-1197 | medium | — | 6.8 | 13y ago | The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug … | |||
| CVE-2013-1790 | medium | — | 6.8 | 13y ago | poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar fun… | |||
| CVE-2013-1788 | medium | — | 6.8 | 13y ago | poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Spl… | |||
| CVE-2013-0111 | medium | — | 6.8 | 13y ago | daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service pa… | |||
| CVE-2013-0110 | medium | — | 6.8 | 13y ago | nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the … | |||
| CVE-2013-0663 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSX… | |||
| CVE-2013-0800 | medium | — | 6.8 | 13y ago | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird be… | |||
| CVE-2013-1911 | medium | — | 6.8 | 13y ago | ldoce Gem Arbitrary Command Execution | |||
| CVE-2013-1079 | medium | — | 6.8 | 13y ago | Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 al… | |||
| CVE-2013-0532 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack t… | |||
| CVE-2013-0452 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of … | |||
| CVE-2013-0926 | medium | — | 6.8 | 13y ago | Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified imp… | |||
| CVE-2013-0921 | medium | — | 6.8 | 13y ago | The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restricti… | |||
| CVE-2013-0918 | medium | — | 6.8 | 13y ago | Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact vi… | |||
| CVE-2013-0258 | medium | — | 6.8 | 13y ago | The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an a… | |||
| CVE-2013-1797 | medium | — | 6.8 | 13y ago | Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other … |