CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4373 | low | — | 3.2 | 13y ago | The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary direct… | |||
| CVE-2013-0343 | low | — | 3.2 | 13y ago | The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attacke… | |||
| CVE-2013-6446 | low | 3.1 | 3.1 | 9y ago | The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job informatio… | |||
| CVE-2013-6480 | low | — | 3.1 | 13y ago | Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM. | |||
| CVE-2013-1650 | low | — | 3.1 | 13y ago | Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain se… | |||
| CVE-2013-4614 | low | — | 3.1 | 13y ago | English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physicall… | |||
| CVE-2013-0160 | low | — | 3.1 | 14y ago | The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. | |||
| CVE-2013-2391 | low | — | 3.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Serv… | |||
| CVE-2013-3984 | low | — | 2.9 | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers t… | |||
| CVE-2013-3985 | low | — | 2.9 | 13y ago | The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak sett… | |||
| CVE-2013-1615 | low | — | 2.9 | 13y ago | The management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspec… | |||
| CVE-2013-0571 | low | — | 2.9 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, … | |||
| CVE-2013-2481 | low | — | 2.9 | 13y ago | Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_nam… | |||
| CVE-2013-0274 | low | — | 2.9 | 14y ago | upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging ac… | |||
| CVE-2013-1590 | low | — | 2.9 | 14y ago | Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||
| CVE-2013-1589 | low | — | 2.9 | 14y ago | Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via… | |||
| CVE-2013-1588 | low | — | 2.9 | 14y ago | Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote … | |||
| CVE-2013-1587 | low | — | 2.9 | 14y ago | The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to … | |||
| CVE-2013-1586 | low | — | 2.9 | 14y ago | The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, w… | |||
| CVE-2013-1585 | low | — | 2.9 | 14y ago | epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of ser… | |||
| CVE-2013-1584 | low | — | 2.9 | 14y ago | The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, whi… | |||
| CVE-2013-1583 | low | — | 2.9 | 14y ago | The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which all… | |||
| CVE-2013-1582 | low | — | 2.9 | 14y ago | The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remo… | |||
| CVE-2013-1581 | low | — | 2.9 | 14y ago | The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, wh… | |||
| CVE-2013-1580 | low | — | 2.9 | 14y ago | The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a posit… | |||
| CVE-2013-1579 | low | — | 2.9 | 14y ago | The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for p… | |||
| CVE-2013-1578 | low | — | 2.9 | 14y ago | The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the begin… | |||
| CVE-2013-1577 | low | — | 2.9 | 14y ago | The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data as… | |||
| CVE-2013-1576 | low | — | 2.9 | 14y ago | The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters… | |||
| CVE-2013-1575 | low | — | 2.9 | 14y ago | The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm len… | |||
| CVE-2013-1574 | low | — | 2.9 | 14y ago | The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a c… | |||
| CVE-2013-1573 | low | — | 2.9 | 14y ago | The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits… | |||
| CVE-2013-1572 | low | — | 2.9 | 14y ago | The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not pr… | |||
| CVE-2013-6398 | low | — | 2.8 | 13y ago | The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions v… | |||
| CVE-2013-1506 | low | — | 2.8 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server… | |||
| CVE-2013-4375 | low | — | 2.7 | 13y ago | The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) v… | |||
| CVE-2013-5875 | low | — | 2.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC). | |||
| CVE-2013-4236 | low | — | 2.7 | 13y ago | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent respons… | |||
| CVE-2013-0167 | low | — | 2.7 | 13y ago | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." | |||
| CVE-2013-4678 | low | — | 2.7 | 13y ago | The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified … | |||
| CVE-2013-4504 | low | — | 2.6 | 12y ago | The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | |||
| CVE-2013-3571 | low | — | 2.6 | 12y ago | socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor co… | |||
| CVE-2013-5951 | low | — | 2.6 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) ap… | |||
| CVE-2013-7078 | low | — | 2.6 | 13y ago | TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework | |||
| CVE-2013-0244 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inj… | |||
| CVE-2013-2037 | low | — | 2.6 | 13y ago | httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the … | |||
| CVE-2013-2139 | low | — | 2.6 | 13y ago | Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from… | |||
| CVE-2013-5808 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the Oracle iPlanet Web Proxy Server component in Oracle Fusion Middleware 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Administrat… | |||
| CVE-2013-5908 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vecto… | |||
| CVE-2013-4065 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2013-4505 | low | — | 2.6 | 13y ago | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a den… | |||
| CVE-2013-2061 | low | — | 2.6 | 13y ago | The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparis… | |||
| CVE-2013-5183 | low | — | 2.6 | 13y ago | Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffin… | |||
| CVE-2013-2236 | low | — | 2.6 | 13y ago | Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allow… | |||
| CVE-2013-5854 | low | — | 2.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2013-5803 | low | — | 2.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40… | |||
| CVE-2013-5772 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to j… | |||
| CVE-2013-2207 | low | — | 2.6 | 13y ago | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbit… | |||
| CVE-2013-5679 | low | — | 2.6 | 13y ago | Missing Cryptographic Step in OWASP Enterprise Security API for Java | |||
| CVE-2013-5137 | low | — | 2.6 | 13y ago | IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | |||
| CVE-2013-1729 | low | — | 2.6 | 13y ago | The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. | |||
| CVE-2013-2988 | low | — | 2.6 | 13y ago | Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… | |||
| CVE-2013-5587 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket… | |||
| CVE-2013-5315 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote… | |||
| CVE-2013-5309 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web sc… | |||
| CVE-2013-4944 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers t… | |||
| CVE-2013-4877 | low | — | 2.6 | 13y ago | The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and condu… | |||
| CVE-2013-2051 | low | — | 2.6 | 13y ago | The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becom… | |||
| CVE-2013-2318 | low | — | 2.6 | 13y ago | The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allo… | |||
| CVE-2013-2071 | low | — | 2.6 | 13y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |||
| CVE-2013-1897 | low | — | 2.6 | 13y ago | The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anony… | |||
| CVE-2013-1517 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vec… | |||
| CVE-2013-0181 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject ar… | |||
| CVE-2013-0158 | low | — | 2.6 | 14y ago | Jenkins allows attackers to obtain the master cryptographic key | |||
| CVE-2013-0466 | low | — | 2.6 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject… | |||
| CVE-2013-0169 | low | — | 2.6 | 14y ago | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirem… | |||
| CVE-2013-0962 | low | — | 2.6 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handle… | |||
| CVE-2013-3918 | unknown | — | 2.5 | 8mo ago | Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a sp… | |||
| CVE-2013-3893 | unknown | — | 2.5 | 10mo ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users shoul… | |||
| CVE-2013-3163 | unknown | — | 2.5 | 3y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | |||
| CVE-2013-6282 | unknown | — | 2.5 | 4y ago | The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the conten… | |||
| CVE-2013-2094 | unknown | — | 2.5 | 4y ago | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open … | |||
| CVE-2013-7331 | unknown | — | 2.5 | 4y ago | An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applicat… | |||
| CVE-2013-3896 | unknown | — | 2.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application. | |||
| CVE-2013-2423 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | |||
| CVE-2013-0431 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | |||
| CVE-2013-0074 | unknown | — | 2.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application. | |||
| CVE-2013-0422 | unknown | — | 2.5 | 4y ago | A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | |||
| CVE-2013-2251 | unknown | — | 2.5 | 4y ago | Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | |||
| CVE-2013-3660 | unknown | — | 2.5 | 4y ago | The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to ga… | |||
| CVE-2013-2729 | unknown | — | 2.5 | 4y ago | Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. | |||
| CVE-2013-1690 | unknown | — | 2.5 | 4y ago | Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execu… | |||
| CVE-2013-2551 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. | |||
| CVE-2013-2465 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related … | |||
| CVE-2013-5223 | unknown | — | 2.5 | 4y ago | A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. | |||
| CVE-2013-4810 | unknown | — | 2.5 | 4y ago | HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet … | |||
| CVE-2013-0629 | unknown | — | 2.5 | 4y ago | Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. | |||
| CVE-2013-0625 | unknown | — | 2.5 | 4y ago | Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. | |||
| CVE-2013-3346 | unknown | — | 2.5 | 4y ago | Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service. | |||
| CVE-2013-5065 | unknown | — | 2.5 | 4y ago | Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. |