CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-0260 | low | — | 2.1 | 13y ago | Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. | |||
| CVE-2013-0259 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web scri… | |||
| CVE-2013-0980 | low | — | 2.1 | 13y ago | The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveragin… | |||
| CVE-2013-0978 | low | — | 2.1 | 13y ago | The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to… | |||
| CVE-2013-0227 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML v… | |||
| CVE-2013-0225 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer us… | |||
| CVE-2013-2548 | low | — | 2.1 | 13y ago | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation,… | |||
| CVE-2013-2547 | low | — | 2.1 | 13y ago | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which al… | |||
| CVE-2013-2546 | low | — | 2.1 | 13y ago | The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive informatio… | |||
| CVE-2013-0162 | low | — | 2.1 | 14y ago | ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name | |||
| CVE-2013-0160 | low | — | 2.1 | 14y ago | The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. | |||
| CVE-2013-0265 | low | — | 2.1 | 14y ago | The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. | |||
| CVE-2013-0241 | low | — | 2.1 | 14y ago | The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex … | |||
| CVE-2013-0218 | low | — | 2.1 | 14y ago | The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows… | |||
| CVE-2013-0963 | low | — | 2.1 | 14y ago | Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging… | |||
| CVE-2013-0390 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vec… | |||
| CVE-2013-0370 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors rel… | |||
| CVE-2013-4469 | low | — | 1.9 | 4y ago | OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (ho… | |||
| CVE-2013-7336 | low | — | 1.9 | 12y ago | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a… | |||
| CVE-2013-4509 | low | — | 1.9 | 13y ago | The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allo… | |||
| CVE-2013-6384 | low | — | 1.9 | 13y ago | (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to… | |||
| CVE-2013-0223 | low | — | 1.9 | 13y ago | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i… | |||
| CVE-2013-4481 | low | — | 1.9 | 13y ago | Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive inf… | |||
| CVE-2013-4425 | low | — | 1.9 | 13y ago | The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtai… | |||
| CVE-2013-3287 | low | — | 1.9 | 13y ago | EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console. | |||
| CVE-2013-1056 | low | — | 1.9 | 13y ago | X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files. | |||
| CVE-2013-5187 | low | — | 1.9 | 13y ago | The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which … | |||
| CVE-2013-5169 | low | — | 1.9 | 13y ago | CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to o… | |||
| CVE-2013-4369 | low | — | 1.9 | 13y ago | The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate conf… | |||
| CVE-2013-4368 | low | — | 1.9 | 13y ago | The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests t… | |||
| CVE-2013-1921 | low | — | 1.9 | 13y ago | PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. | |||
| CVE-2013-4025 | low | — | 1.9 | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplet… | |||
| CVE-2013-5150 | low | — | 1.9 | 13y ago | The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by lev… | |||
| CVE-2013-4259 | low | — | 1.9 | 13y ago | runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp… | |||
| CVE-2013-2898 | low | — | 1.9 | 13y ago | drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sen… | |||
| CVE-2013-2976 | low | — | 1.9 | 13y ago | The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allo… | |||
| CVE-2013-4242 | low | — | 1.9 | 13y ago | GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cach… | |||
| CVE-2013-2162 | low | — | 1.9 | 13y ago | Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions befo… | |||
| CVE-2013-2168 | low | — | 1.9 | 13y ago | The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of s… | |||
| CVE-2013-0534 | low | — | 1.9 | 13y ago | The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging… | |||
| CVE-2013-0527 | low | — | 1.9 | 13y ago | The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensit… | |||
| CVE-2013-1952 | low | — | 1.9 | 13y ago | Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which … | |||
| CVE-2013-1917 | low | — | 1.9 | 13y ago | Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hyp… | |||
| CVE-2013-1958 | low | — | 1.9 | 13y ago | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, w… | |||
| CVE-2013-0541 | low | — | 1.9 | 13y ago | Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjuncti… | |||
| CVE-2013-0122 | low | — | 1.9 | 13y ago | The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.androi… | |||
| CVE-2013-0403 | low | — | 1.9 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility. | |||
| CVE-2013-2302 | low | — | 1.9 | 13y ago | TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a T… | |||
| CVE-2013-2636 | low | — | 1.9 | 13y ago | net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. | |||
| CVE-2013-2635 | low | — | 1.9 | 13y ago | The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from ke… | |||
| CVE-2013-2634 | low | — | 1.9 | 13y ago | net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||
| CVE-2013-1427 | low | — | 1.9 | 13y ago | The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP con… | |||
| CVE-2013-0979 | low | — | 1.9 | 13y ago | lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of… | |||
| CVE-2013-0200 | low | — | 1.9 | 13y ago | HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/h… | |||
| CVE-2013-0349 | low | — | 1.9 | 13y ago | The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from ke… | |||
| CVE-2013-0154 | low | — | 1.9 | 14y ago | The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash… | |||
| CVE-2013-7291 | low | — | 1.8 | 13y ago | memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an … | |||
| CVE-2013-7290 | low | — | 1.8 | 13y ago | The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a … | |||
| CVE-2013-0179 | low | — | 1.8 | 13y ago | The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fa… | |||
| CVE-2013-5885 | low | — | 1.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit. | |||
| CVE-2013-5874 | low | — | 1.7 | 13y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown … | |||
| CVE-2013-5865 | low | — | 1.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration. | |||
| CVE-2013-2997 | low | — | 1.7 | 13y ago | IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||
| CVE-2013-0982 | low | — | 1.7 | 13y ago | The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypa… | |||
| CVE-2013-2382 | low | — | 1.7 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related t… | |||
| CVE-2013-1499 | low | — | 1.7 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration. | |||
| CVE-2013-0643 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-0648 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-2094 | unknown | — | 1.5 | 4y ago | Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for pri… | |||
| CVE-2013-2597 | unknown | — | 1.5 | 4y ago | The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products s… | |||
| CVE-2013-2596 | unknown | — | 1.5 | 4y ago | Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. | |||
| CVE-2013-1331 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document. | |||
| CVE-2013-3993 | unknown | — | 1.5 | 4y ago | Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | |||
| CVE-2013-2729 | unknown | — | 1.5 | 4y ago | Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. | |||
| CVE-2013-5223 | unknown | — | 1.5 | 4y ago | A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. | |||
| CVE-2013-4810 | unknown | — | 1.5 | 4y ago | HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet … | |||
| CVE-2013-0625 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. | |||
| CVE-2013-0631 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. | |||
| CVE-2013-0629 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. | |||
| CVE-2013-0641 | unknown | — | 1.5 | 4y ago | A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. | |||
| CVE-2013-0640 | unknown | — | 1.5 | 4y ago | An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution. | |||
| CVE-2013-1675 | unknown | — | 1.5 | 4y ago | Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive in… | |||
| CVE-2013-3900 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. | |||
| CVE-2013-5763 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outs… | |||
| CVE-2013-5791 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2013-4829 | low | — | 1.5 | 13y ago | HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow l… | |||
| CVE-2013-4355 | low | — | 1.5 | 13y ago | Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified o… | |||
| CVE-2013-2393 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2013-1546 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiali… | |||
| CVE-2013-1502 | low | — | 1.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. | |||
| CVE-2013-0525 | low | — | 1.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. | |||
| CVE-2013-6891 | low | — | 1.2 | 13y ago | lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cup… | |||
| CVE-2013-4476 | low | — | 1.2 | 13y ago | Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information b… | |||
| CVE-2013-1442 | low | — | 1.2 | 13y ago | Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCP… | |||
| CVE-2013-2217 | low | — | 1.2 | 13y ago | cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name … | |||
| CVE-2013-5123 | unknown | — | 1.0 | 4y ago | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||
| CVE-2013-3718 | unknown | — | — | — | evince is missing a check on number of pages which can lead to a segmentation fault | |||
| CVE-2013-0326 | unknown | — | — | — | OpenStack nova base images permissions are world readable | |||
| CVE-2013-7470 | unknown | — | — | — | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstr… | |||
| CVE-2013-6430 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Spring Framework |