CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2697 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that in… | |||
| CVE-2013-0132 | medium | — | 6.8 | 13y ago | The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing cr… | |||
| CVE-2013-2395 | medium | — | 6.8 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerabil… | |||
| CVE-2013-2760 | medium | — | 6.8 | 13y ago | Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file. | |||
| CVE-2013-1197 | medium | — | 6.8 | 13y ago | The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug … | |||
| CVE-2013-1790 | medium | — | 6.8 | 13y ago | poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar fun… | |||
| CVE-2013-1788 | medium | — | 6.8 | 13y ago | poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Spl… | |||
| CVE-2013-0111 | medium | — | 6.8 | 13y ago | daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service pa… | |||
| CVE-2013-0110 | medium | — | 6.8 | 13y ago | nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the … | |||
| CVE-2013-0663 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSX… | |||
| CVE-2013-0800 | medium | — | 6.8 | 13y ago | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird be… | |||
| CVE-2013-1911 | medium | — | 6.8 | 13y ago | ldoce Gem Arbitrary Command Execution | |||
| CVE-2013-1079 | medium | — | 6.8 | 13y ago | Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 al… | |||
| CVE-2013-0532 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack t… | |||
| CVE-2013-0452 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of … | |||
| CVE-2013-0926 | medium | — | 6.8 | 13y ago | Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified imp… | |||
| CVE-2013-0921 | medium | — | 6.8 | 13y ago | The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restricti… | |||
| CVE-2013-0918 | medium | — | 6.8 | 13y ago | Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact vi… | |||
| CVE-2013-0258 | medium | — | 6.8 | 13y ago | The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an a… | |||
| CVE-2013-1797 | medium | — | 6.8 | 13y ago | Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other … | |||
| CVE-2013-1796 | medium | — | 6.8 | 13y ago | The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS u… | |||
| CVE-2013-2632 | medium | — | 6.8 | 13y ago | Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted J… | |||
| CVE-2013-0126 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication o… | |||
| CVE-2013-0674 | medium | — | 6.8 | 13y ago | Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long p… | |||
| CVE-2013-0713 | medium | — | 6.8 | 13y ago | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request. | |||
| CVE-2013-0712 | medium | — | 6.8 | 13y ago | IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. | |||
| CVE-2013-0717 | medium | — | 6.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN route… | |||
| CVE-2013-0327 | medium | — | 6.8 | 13y ago | Jenkins Cross-Site Request Forgery vulnerability | |||
| CVE-2013-0207 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown v… | |||
| CVE-2013-0205 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the a… | |||
| CVE-2013-0976 | medium | — | 6.8 | 13y ago | IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. | |||
| CVE-2013-0973 | medium | — | 6.8 | 13y ago | Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the cl… | |||
| CVE-2013-0971 | medium | — | 6.8 | 13y ago | Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations i… | |||
| CVE-2013-0961 | medium | — | 6.8 | 13y ago | WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-… | |||
| CVE-2013-0960 | medium | — | 6.8 | 13y ago | WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-… | |||
| CVE-2013-2503 | medium | — | 6.8 | 13y ago | Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended… | |||
| CVE-2013-1153 | medium | — | 6.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676. | |||
| CVE-2013-0288 | medium | — | 6.8 | 13y ago | nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup… | |||
| CVE-2013-0900 | medium | — | 6.8 | 13y ago | Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers … | |||
| CVE-2013-0893 | medium | — | 6.8 | 13y ago | Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other … | |||
| CVE-2013-0889 | medium | — | 6.8 | 13y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might m… | |||
| CVE-2013-0884 | medium | — | 6.8 | 13y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | |||
| CVE-2013-1125 | medium | — | 6.8 | 14y ago | The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Con… | |||
| CVE-2013-0272 | medium | — | 6.8 | 14y ago | Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. | |||
| CVE-2013-1128 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims vi… | |||
| CVE-2013-0255 | medium | — | 6.8 | 14y ago | PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, whic… | |||
| CVE-2013-0170 | medium | — | 6.8 | 14y ago | Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allo… | |||
| CVE-2013-1639 | medium | — | 6.8 | 14y ago | Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. | |||
| CVE-2013-1120 | medium | — | 6.8 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown v… | |||
| CVE-2013-0968 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0959 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0958 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0956 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0955 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0954 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0953 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0952 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0951 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0950 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0949 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0948 | medium | — | 6.8 | 14y ago | WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different v… | |||
| CVE-2013-0460 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows rem… | |||
| CVE-2013-0656 | medium | — | 6.8 | 14y ago | Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. | |||
| CVE-2013-1109 | medium | — | 6.8 | 14y ago | Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication o… | |||
| CVE-2013-0418 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related… | |||
| CVE-2013-0393 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related… | |||
| CVE-2013-0389 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to S… | |||
| CVE-2013-0386 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | |||
| CVE-2013-0384 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to I… | |||
| CVE-2013-0836 | medium | — | 6.8 | 14y ago | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash)… | |||
| CVE-2013-0828 | medium | — | 6.8 | 14y ago | The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attacke… | |||
| CVE-2013-0747 | medium | — | 6.8 | 14y ago | The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMon… | |||
| CVE-2013-1608 | medium | — | 6.7 | 13y ago | Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-3734 | medium | 6.6 | 6.6 | 9y ago | The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive… | |||
| CVE-2013-2598 | medium | — | 6.6 | 12y ago | app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite s… | |||
| CVE-2013-6685 | medium | — | 6.6 | 13y ago | The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its… | |||
| CVE-2013-5175 | medium | — | 6.6 | 13y ago | The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||
| CVE-2013-5506 | medium | — | 6.6 | 13y ago | The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or mo… | |||
| CVE-2013-5163 | medium | — | 6.6 | 13y ago | Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vecto… | |||
| CVE-2013-4679 | medium | — | 6.6 | 13y ago | Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interact… | |||
| CVE-2013-4651 | medium | — | 6.6 | 13y ago | Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-… | |||
| CVE-2013-2786 | medium | — | 6.6 | 13y ago | Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse … | |||
| CVE-2013-3399 | medium | — | 6.6 | 13y ago | Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vectors that leverage incorrect memory allocation, aka… | |||
| CVE-2013-0687 | medium | — | 6.6 | 13y ago | The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and conseq… | |||
| CVE-2013-1173 | medium | — | 6.6 | 13y ago | Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vec… | |||
| CVE-2013-1172 | medium | — | 6.6 | 13y ago | The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, … | |||
| CVE-2013-1762 | medium | — | 6.6 | 13y ago | stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary… | |||
| CVE-2013-0310 | medium | — | 6.6 | 14y ago | The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have u… | |||
| CVE-2013-0400 | medium | — | 6.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs. | |||
| CVE-2013-0399 | medium | — | 6.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount. | |||
| CVE-2013-0385 | medium | — | 6.6 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to… | |||
| CVE-2013-0270 | medium | 6.5 | 6.5 | 4y ago | A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This … | |||
| CVE-2013-7449 | medium | 6.5 | 6.5 | 10y ago | The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows m… | |||
| CVE-2013-7447 | medium | 6.5 | 6.5 | 10y ago | Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, all… | |||
| CVE-2013-7418 | medium | — | 6.5 | 12y ago | cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be expl… | |||
| CVE-2013-6311 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-5465 | medium | — | 6.5 | 12y ago | IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; S… | |||
| CVE-2013-4016 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027… | |||
| CVE-2013-4321 | medium | — | 6.5 | 12y ago | TYPO3 vulnerable to remote authenticated arbitrary code execution | |||
| CVE-2013-4250 | medium | — | 6.5 | 12y ago | TYPO3 doesn't properly check file extensions |