CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6666 | medium | — | 5.8 | 12y ago | The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Shar… | |||
| CVE-2013-4286 | medium | — | 5.8 | 12y ago | Apache Tomcat is vulnerable to HTTP request-smuggling | |||
| CVE-2013-4420 | medium | — | 5.8 | 12y ago | Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (d… | |||
| CVE-2013-6396 | medium | — | 5.8 | 12y ago | The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and… | |||
| CVE-2013-7328 | medium | — | 5.8 | 12y ago | Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive inf… | |||
| CVE-2013-6492 | medium | — | 5.8 | 13y ago | The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an H… | |||
| CVE-2013-6728 | medium | — | 5.8 | 13y ago | The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary di… | |||
| CVE-2013-6722 | medium | — | 5.8 | 13y ago | Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a deni… | |||
| CVE-2013-1740 | medium | — | 5.8 | 13y ago | The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to sp… | |||
| CVE-2013-7255 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-6450 | medium | — | 5.8 | 13y ago | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t… | |||
| CVE-2013-5038 | medium | — | 5.8 | 13y ago | The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | |||
| CVE-2013-6812 | medium | — | 5.8 | 13y ago | The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted… | |||
| CVE-2013-6006 | medium | — | 5.8 | 13y ago | Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||
| CVE-2013-7080 | medium | — | 5.8 | 13y ago | TYPO3 is vulnerable to Mass Assignment in the Extension table administration library | |||
| CVE-2013-7079 | medium | — | 5.8 | 13y ago | TYPO3 OpenID extension Open redirect vulnerability | |||
| CVE-2013-4046 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2013-7067 | medium | — | 5.8 | 13y ago | The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictio… | |||
| CVE-2013-6966 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. | |||
| CVE-2013-6971 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. | |||
| CVE-2013-6967 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified v… | |||
| CVE-2013-6959 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. | |||
| CVE-2013-7085 | medium | — | 5.8 | 13y ago | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | |||
| CVE-2013-6391 | medium | — | 5.8 | 13y ago | The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to … | |||
| CVE-2013-5611 | medium | — | 5.8 | 13y ago | Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing… | |||
| CVE-2013-6171 | medium | — | 5.8 | 13y ago | checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attachin… | |||
| CVE-2013-6389 | medium | — | 5.8 | 13y ago | Drupal has open redirect vulnerability in the Overlay module | |||
| CVE-2013-6918 | medium | — | 5.8 | 13y ago | The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" sett… | |||
| CVE-2013-1058 | medium | — | 5.8 | 13y ago | maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. | |||
| CVE-2013-5999 | medium | — | 5.8 | 13y ago | Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … | |||
| CVE-2013-6174 | medium | — | 5.8 | 13y ago | Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Ed… | |||
| CVE-2013-6814 | medium | — | 5.8 | 13y ago | The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPP… | |||
| CVE-2013-6802 | medium | — | 5.8 | 13y ago | Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at Pa… | |||
| CVE-2013-5606 | medium | — | 5.8 | 13y ago | The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when… | |||
| CVE-2013-6798 | medium | — | 5.8 | 13y ago | BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive … | |||
| CVE-2013-2653 | medium | — | 5.8 | 13y ago | security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim. | |||
| CVE-2013-6077 | medium | — | 5.8 | 13y ago | Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | |||
| CVE-2013-5431 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway… | |||
| CVE-2013-6020 | medium | — | 5.8 | 13y ago | passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remot… | |||
| CVE-2013-6128 | medium | — | 5.8 | 13y ago | The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers … | |||
| CVE-2013-6127 | medium | — | 5.8 | 13y ago | The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote atta… | |||
| CVE-2013-5189 | medium | — | 5.8 | 13y ago | Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictio… | |||
| CVE-2013-4390 | medium | — | 5.8 | 13y ago | Apache Sling Auth Core bundle vulnerable to Open Redirection | |||
| CVE-2013-5761 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vector… | |||
| CVE-2013-4345 | medium | — | 5.8 | 13y ago | Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms… | |||
| CVE-2013-4351 | medium | — | 5.8 | 13y ago | GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass int… | |||
| CVE-2013-2223 | medium | — | 5.8 | 13y ago | GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by… | |||
| CVE-2013-4067 | medium | — | 5.8 | 13y ago | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via un… | |||
| CVE-2013-4310 | medium | — | 5.8 | 13y ago | Apache Struts2 Broken Access Control Vulnerability | |||
| CVE-2013-5960 | medium | — | 5.8 | 13y ago | Missing Cryptographic Step in OWASP Enterprise Security API for Java | |||
| CVE-2013-0957 | medium | — | 5.8 | 13y ago | Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an … | |||
| CVE-2013-1028 | medium | — | 5.8 | 13y ago | The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof securi… | |||
| CVE-2013-3446 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vector… | |||
| CVE-2013-3277 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-1651 | medium | — | 5.8 | 13y ago | OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo… | |||
| CVE-2013-2123 | medium | — | 5.8 | 13y ago | The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author upda… | |||
| CVE-2013-4111 | medium | — | 5.8 | 13y ago | The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in t… | |||
| CVE-2013-4700 | medium | — | 5.8 | 13y ago | The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive i… | |||
| CVE-2013-4699 | medium | — | 5.8 | 13y ago | The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s… | |||
| CVE-2013-4962 | medium | — | 5.8 | 13y ago | The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended … | |||
| CVE-2013-4955 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service … | |||
| CVE-2013-4762 | medium | — | 5.8 | 13y ago | Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID. | |||
| CVE-2013-2155 | medium | — | 5.8 | 13y ago | Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-021… | |||
| CVE-2013-0149 | medium | — | 5.8 | 13y ago | The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly valid… | |||
| CVE-2013-4912 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper … | |||
| CVE-2013-4673 | medium | — | 5.8 | 13y ago | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveragin… | |||
| CVE-2013-2993 | medium | — | 5.8 | 13y ago | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the conte… | |||
| CVE-2013-2881 | medium | — | 5.8 | 13y ago | Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||
| CVE-2013-3656 | medium | — | 5.8 | 13y ago | Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | |||
| CVE-2013-2248 | medium | — | 5.8 | 13y ago | Open redirect in Apache Struts | |||
| CVE-2013-2070 | medium | — | 5.8 | 13y ago | http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (c… | |||
| CVE-2013-3813 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix. | |||
| CVE-2013-3798 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached. | |||
| CVE-2013-2879 | medium | — | 5.8 | 13y ago | Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes… | |||
| CVE-2013-3925 | medium | — | 5.8 | 13y ago | Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or… | |||
| CVE-2013-2458 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via… | |||
| CVE-2013-2454 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo… | |||
| CVE-2013-4616 | medium | — | 5.8 | 13y ago | The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK pa… | |||
| CVE-2013-1093 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote at… | |||
| CVE-2013-3641 | medium | — | 5.8 | 13y ago | The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sen… | |||
| CVE-2013-2319 | medium | — | 5.8 | 13y ago | FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via … | |||
| CVE-2013-2317 | medium | — | 5.8 | 13y ago | The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the… | |||
| CVE-2013-2316 | medium | — | 5.8 | 13y ago | The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. | |||
| CVE-2013-1212 | medium | — | 5.8 | 13y ago | The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervi… | |||
| CVE-2013-1208 | medium | — | 5.8 | 13y ago | The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers t… | |||
| CVE-2013-0939 | medium | — | 5.8 | 13y ago | EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive info… | |||
| CVE-2013-0937 | medium | — | 5.8 | 13y ago | Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote… | |||
| CVE-2013-3511 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified … | |||
| CVE-2013-0127 | medium | — | 5.8 | 13y ago | IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java co… | |||
| CVE-2013-1926 | medium | — | 5.8 | 13y ago | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensi… | |||
| CVE-2013-2307 | medium | — | 5.8 | 13y ago | The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2013-2306 | medium | — | 5.8 | 13y ago | The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2013-2304 | medium | — | 5.8 | 13y ago | The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger down… | |||
| CVE-2013-0253 | medium | — | 5.8 | 13y ago | The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. | |||
| CVE-2013-2770 | medium | — | 5.8 | 13y ago | The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, whic… | |||
| CVE-2013-0794 | medium | — | 5.8 | 13y ago | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | |||
| CVE-2013-1299 | medium | — | 5.8 | 13y ago | Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message. | |||
| CVE-2013-0677 | medium | — | 5.8 | 13y ago | The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a craft… | |||
| CVE-2013-1856 | medium | — | 5.8 | 13y ago | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is us… | |||
| CVE-2013-1124 | medium | — | 5.8 | 13y ago | The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle att… |