CVEs from 2013
Total
5,740
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-6219 | low | — | 3.8 | 12y ago | Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. | |
| CVE-2013-3792 | low | — | 3.8 | 13y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown v… | |
| CVE-2013-2140 | low | — | 3.8 | 13y ago | The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data lo… | |
| CVE-2013-1530 | low | — | 3.8 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. | |
| CVE-2013-5229 | low | — | 3.7 | 11y ago | The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physica… | |
| CVE-2013-7347 | low | — | 3.7 | 12y ago | Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLI… | |
| CVE-2013-5710 | low | — | 3.7 | 13y ago | The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs i… | |
| CVE-2013-5147 | low | — | 3.7 | 13y ago | Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition invo… | |
| CVE-2013-2451 | low | — | 3.7 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidenti… | |
| CVE-2013-1959 | low | — | 3.7 | 13y ago | kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a … | |
| CVE-2013-0404 | low | — | 3.7 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. | |
| CVE-2013-0219 | low | — | 3.7 | 13y ago | System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a … | |
| CVE-2013-4426 | low | — | 3.6 | 12y ago | pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash. | |
| CVE-2013-5364 | low | — | 3.6 | 13y ago | Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml… | |
| CVE-2013-4270 | low | — | 3.6 | 13y ago | The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restri… | |
| CVE-2013-2930 | low | — | 3.6 | 13y ago | The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable fun… | |
| CVE-2013-5857 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5… | |
| CVE-2013-5856 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5… | |
| CVE-2013-4157 | low | — | 3.6 | 13y ago | Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | |
| CVE-2013-4956 | low | — | 3.6 | 13y ago | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if thos… | |
| CVE-2013-1500 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows loca… | |
| CVE-2013-2387 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and int… | |
| CVE-2013-0412 | low | — | 3.6 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. | |
| CVE-2013-0914 | low | — | 3.6 | 13y ago | The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to … | |
| CVE-2013-1766 | low | — | 3.6 | 13y ago | libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. | |
| CVE-2013-0164 | low | — | 3.6 | 13y ago | The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a… | |
| CVE-2013-0254 | low | — | 3.6 | 14y ago | The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, w… | |
| CVE-2013-0964 | low | — | 3.6 | 14y ago | The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locatio… | |
| CVE-2013-4278 | low | — | 3.5 | 4y ago | The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot… | |
| CVE-2013-6892 | low | — | 3.5 | 12y ago | WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit. | |
| CVE-2013-4754 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php o… | |
| CVE-2013-4753 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action… | |
| CVE-2013-3065 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via ve… | |
| CVE-2013-3004 | low | — | 3.5 | 12y ago | Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitra… | |
| CVE-2013-6310 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2013-6741 | low | — | 3.5 | 12y ago | IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Managem… | |
| CVE-2013-5460 | low | — | 3.5 | 12y ago | IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and r… | |
| CVE-2013-2998 | low | — | 3.5 | 12y ago | frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive i… | |
| CVE-2013-6726 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web scrip… | |
| CVE-2013-6323 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtu… | |
| CVE-2013-3069 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Pass… | |
| CVE-2013-3998 | low | — | 3.5 | 12y ago | CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and … | |
| CVE-2013-6729 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |
| CVE-2013-2150 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to… | |
| CVE-2013-2149 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to share… | |
| CVE-2013-2042 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via … | |
| CVE-2013-2041 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/… | |
| CVE-2013-2040 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via … | |
| CVE-2013-1851 | low | — | 3.5 | 12y ago | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbit… | |
| CVE-2013-0307 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field… | |
| CVE-2013-0297 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_… | |
| CVE-2013-3728 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat para… | |
| CVE-2013-3943 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Disp… | |
| CVE-2013-4199 | low | — | 3.5 | 12y ago | (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) v… | |
| CVE-2013-6232 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page. | |
| CVE-2013-6314 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to… | |
| CVE-2013-6333 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… | |
| CVE-2013-6320 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… | |
| CVE-2013-6301 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… | |
| CVE-2013-6300 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… | |
| CVE-2013-6299 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… | |
| CVE-2013-6734 | low | — | 3.5 | 12y ago | IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportu… | |
| CVE-2013-1871 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type par… | |
| CVE-2013-6743 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML v… | |
| CVE-2013-6033 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x throu… | |
| CVE-2013-0177 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all… | |
| CVE-2013-6725 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authentica… | |
| CVE-2013-6330 | low | — | 3.5 | 13y ago | IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors. | |
| CVE-2013-5871 | low | — | 3.5 | 13y ago | Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via … | |
| CVE-2013-5868 | low | — | 3.5 | 13y ago | Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via … | |
| CVE-2013-5764 | low | — | 3.5 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. | |
| CVE-2013-5892 | low | — | 3.5 | 13y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, in… | |
| CVE-2013-7292 | low | — | 3.5 | 13y ago | VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intend… | |
| CVE-2013-4460 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | |
| CVE-2013-7274 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. | |
| CVE-2013-7250 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion st… | |
| CVE-2013-7231 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified … | |
| CVE-2013-5222 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2013-5420 | low | — | 3.5 | 13y ago | The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a d… | |
| CVE-2013-6745 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbit… | |
| CVE-2013-6196 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2013-5406 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspec… | |
| CVE-2013-5405 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspec… | |
| CVE-2013-7194 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1… | |
| CVE-2013-7074 | low | — | 3.5 | 13y ago | TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component | |
| CVE-2013-5452 | low | — | 3.5 | 13y ago | IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration … | |
| CVE-2013-5402 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Lif… | |
| CVE-2013-6721 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web… | |
| CVE-2013-6964 | low | — | 3.5 | 13y ago | Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. | |
| CVE-2013-5404 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational T… | |
| CVE-2013-6237 | low | — | 3.5 | 13y ago | The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copi… | |
| CVE-2013-7025 | low | — | 3.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before… | |
| CVE-2013-4558 | low | — | 3.5 | 13y ago | The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversio… | |
| CVE-2013-6915 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified … | |
| CVE-2013-6914 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2013-6913 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML … | |
| CVE-2013-6912 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web s… | |
| CVE-2013-6911 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrar… | |
| CVE-2013-6003 | low | — | 3.5 | 13y ago | CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vect… | |
| CVE-2013-6307 | low | — | 3.5 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |