CVEs from 2013
Total
5,685
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4329 | medium | — | 6.5 | 13y ago | The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows loca… | |||
| CVE-2013-4619 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_ra… | |||
| CVE-2013-5003 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pm… | |||
| CVE-2013-3033 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecifi… | |||
| CVE-2013-3437 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud8… | |||
| CVE-2013-3412 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug I… | |||
| CVE-2013-3402 | medium | — | 6.5 | 13y ago | An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | |||
| CVE-2013-3789 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integ… | |||
| CVE-2013-3763 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-4650 | medium | — | 6.5 | 13y ago | MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. | |||
| CVE-2013-2984 | medium | — | 6.5 | 13y ago | Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors. | |||
| CVE-2013-2982 | medium | — | 6.5 | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors. | |||
| CVE-2013-0560 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecif… | |||
| CVE-2013-4604 | medium | — | 6.5 | 13y ago | Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by … | |||
| CVE-2013-4609 | medium | — | 6.5 | 13y ago | REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restr… | |||
| CVE-2013-2970 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vec… | |||
| CVE-2013-3315 | medium | — | 6.5 | 13y ago | The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vecto… | |||
| CVE-2013-3512 | medium | — | 6.5 | 13y ago | The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspeci… | |||
| CVE-2013-3510 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Dev… | |||
| CVE-2013-3509 | medium | — | 6.5 | 13y ago | html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in… | |||
| CVE-2013-3508 | medium | — | 6.5 | 13y ago | html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors invo… | |||
| CVE-2013-3242 | medium | — | 6.5 | 13y ago | plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use… | |||
| CVE-2013-3062 | medium | — | 6.5 | 13y ago | The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions … | |||
| CVE-2013-3061 | medium | — | 6.5 | 13y ago | The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remot… | |||
| CVE-2013-2378 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via u… | |||
| CVE-2013-2375 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via u… | |||
| CVE-2013-1552 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2013-1531 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors relate… | |||
| CVE-2013-1521 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors relate… | |||
| CVE-2013-0511 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | |||
| CVE-2013-1836 | medium | — | 6.5 | 13y ago | Moodle does not properly manage privileges for WebDAV repositories | |||
| CVE-2013-2274 | medium | — | 6.5 | 13y ago | Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a craft… | |||
| CVE-2013-1794 | medium | — | 6.5 | 13y ago | Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver AC… | |||
| CVE-2013-0311 | medium | — | 6.5 | 14y ago | The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leve… | |||
| CVE-2013-0208 | medium | — | 6.5 | 14y ago | The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_de… | |||
| CVE-2013-4497 | medium | — | 6.4 | 4y ago | The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows … | |||
| CVE-2013-6994 | medium | — | 6.4 | 12y ago | OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | |||
| CVE-2013-5655 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the def… | |||
| CVE-2013-5984 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2013-6887 | medium | — | 6.4 | 12y ago | OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | |||
| CVE-2013-4966 | medium | — | 6.4 | 12y ago | The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the mas… | |||
| CVE-2013-6659 | medium | — | 6.4 | 13y ago | The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during ren… | |||
| CVE-2013-6657 | medium | — | 6.4 | 13y ago | core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, … | |||
| CVE-2013-6483 | medium | — | 6.4 | 13y ago | The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remo… | |||
| CVE-2013-2826 | medium | — | 6.4 | 13y ago | WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attac… | |||
| CVE-2013-7205 | medium | — | 6.4 | 13y ago | Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory … | |||
| CVE-2013-6334 | medium | — | 6.4 | 13y ago | IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0… | |||
| CVE-2013-3667 | medium | — | 6.4 | 13y ago | The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation,… | |||
| CVE-2013-5039 | medium | — | 6.4 | 13y ago | Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2013-5227 | medium | — | 6.4 | 13y ago | Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields. | |||
| CVE-2013-7038 | medium | — | 6.4 | 13y ago | The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an… | |||
| CVE-2013-6408 | medium | — | 6.4 | 13y ago | XML Injection in Apache Solr | |||
| CVE-2013-6407 | medium | — | 6.4 | 13y ago | Apache Solr UpdateRequestHandler for XML resolves XML External Entities | |||
| CVE-2013-6417 | medium | — | 6.4 | 13y ago | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and… | |||
| CVE-2013-6718 | medium | — | 6.4 | 13y ago | The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interf… | |||
| CVE-2013-6828 | medium | — | 6.4 | 13y ago | admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. | |||
| CVE-2013-6823 | medium | — | 6.4 | 13y ago | GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-6818 | medium | — | 6.4 | 13y ago | SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-6682 | medium | — | 6.4 | 13y ago | The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial o… | |||
| CVE-2013-5552 | medium | — | 6.4 | 13y ago | Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restri… | |||
| CVE-2013-3264 | medium | — | 6.4 | 13y ago | The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers … | |||
| CVE-2013-2065 | medium | — | 6.4 | 13y ago | (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to byp… | |||
| CVE-2013-5165 | medium | — | 6.4 | 13y ago | socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a netw… | |||
| CVE-2013-5813 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality an… | |||
| CVE-2013-5812 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via un… | |||
| CVE-2013-5804 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attacker… | |||
| CVE-2013-5783 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… | |||
| CVE-2013-5771 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unkno… | |||
| CVE-2013-3829 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and ea… | |||
| CVE-2013-5535 | medium | — | 6.4 | 13y ago | The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CS… | |||
| CVE-2013-4379 | medium | — | 6.4 | 13y ago | The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the has… | |||
| CVE-2013-4213 | medium | — | 6.4 | 13y ago | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | |||
| CVE-2013-4128 | medium | — | 6.4 | 13y ago | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | |||
| CVE-2013-3220 | medium | — | 6.4 | 13y ago | bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an exces… | |||
| CVE-2013-2994 | medium | — | 6.4 | 13y ago | IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST reques… | |||
| CVE-2013-4851 | medium | — | 6.4 | 13y ago | The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entr… | |||
| CVE-2013-0559 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors. | |||
| CVE-2013-3821 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via … | |||
| CVE-2013-3819 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via … | |||
| CVE-2013-3800 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and integrity via unk… | |||
| CVE-2013-3757 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services. | |||
| CVE-2013-0476 | medium | — | 6.4 | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors. | |||
| CVE-2013-4680 | medium | — | 6.4 | 13y ago | Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve… | |||
| CVE-2013-2407 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confi… | |||
| CVE-2013-3060 | medium | — | 6.4 | 13y ago | Improper Authentication in Apache ActiveMQ | |||
| CVE-2013-3221 | medium | — | 6.4 | 13y ago | The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored value… | |||
| CVE-2013-1553 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors relat… | |||
| CVE-2013-0405 | medium | — | 6.4 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. | |||
| CVE-2013-1859 | medium | — | 6.4 | 13y ago | The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecifi… | |||
| CVE-2013-1843 | medium | — | 6.4 | 13y ago | TYPO3 Open redirect vulnerability in the Access tracking mechanism | |||
| CVE-2013-2373 | medium | — | 6.4 | 13y ago | The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to… | |||
| CVE-2013-0966 | medium | — | 6.4 | 13y ago | The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended direc… | |||
| CVE-2013-1131 | medium | — | 6.4 | 14y ago | Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that … | |||
| CVE-2013-0432 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0382 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi… | |||
| CVE-2013-0381 | medium | — | 6.4 | 14y ago | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via… | |||
| CVE-2013-0829 | medium | — | 6.4 | 14y ago | Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors. | |||
| CVE-2013-0155 | medium | — | 6.4 | 14y ago | Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implement… | |||
| CVE-2013-5557 | medium | — | 6.3 | 12y ago | The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of servic… | |||
| CVE-2013-0350 | medium | — | 6.3 | 12y ago | tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. |