CVEs from 2013
Total
5,684
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5611 | medium | — | 5.8 | 13y ago | Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing… | |||
| CVE-2013-6171 | medium | — | 5.8 | 13y ago | checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attachin… | |||
| CVE-2013-6389 | medium | — | 5.8 | 13y ago | Drupal has open redirect vulnerability in the Overlay module | |||
| CVE-2013-6918 | medium | — | 5.8 | 13y ago | The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" sett… | |||
| CVE-2013-1058 | medium | — | 5.8 | 13y ago | maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. | |||
| CVE-2013-5999 | medium | — | 5.8 | 13y ago | Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … | |||
| CVE-2013-6174 | medium | — | 5.8 | 13y ago | Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Ed… | |||
| CVE-2013-6814 | medium | — | 5.8 | 13y ago | The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPP… | |||
| CVE-2013-6802 | medium | — | 5.8 | 13y ago | Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at Pa… | |||
| CVE-2013-5606 | medium | — | 5.8 | 13y ago | The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when… | |||
| CVE-2013-6798 | medium | — | 5.8 | 13y ago | BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive … | |||
| CVE-2013-6077 | medium | — | 5.8 | 13y ago | Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | |||
| CVE-2013-5431 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway… | |||
| CVE-2013-6020 | medium | — | 5.8 | 13y ago | passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remot… | |||
| CVE-2013-5189 | medium | — | 5.8 | 13y ago | Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictio… | |||
| CVE-2013-4390 | medium | — | 5.8 | 13y ago | Apache Sling Auth Core bundle vulnerable to Open Redirection | |||
| CVE-2013-5761 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vector… | |||
| CVE-2013-4345 | medium | — | 5.8 | 13y ago | Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms… | |||
| CVE-2013-4351 | medium | — | 5.8 | 13y ago | GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass int… | |||
| CVE-2013-2223 | medium | — | 5.8 | 13y ago | GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by… | |||
| CVE-2013-4067 | medium | — | 5.8 | 13y ago | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via un… | |||
| CVE-2013-4310 | medium | — | 5.8 | 13y ago | Apache Struts2 Broken Access Control Vulnerability | |||
| CVE-2013-5960 | medium | — | 5.8 | 13y ago | Missing Cryptographic Step in OWASP Enterprise Security API for Java | |||
| CVE-2013-0957 | medium | — | 5.8 | 13y ago | Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an … | |||
| CVE-2013-1028 | medium | — | 5.8 | 13y ago | The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof securi… | |||
| CVE-2013-3446 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vector… | |||
| CVE-2013-3277 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-2123 | medium | — | 5.8 | 13y ago | The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author upda… | |||
| CVE-2013-4111 | medium | — | 5.8 | 13y ago | The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in t… | |||
| CVE-2013-4700 | medium | — | 5.8 | 13y ago | The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive i… | |||
| CVE-2013-4699 | medium | — | 5.8 | 13y ago | The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s… | |||
| CVE-2013-4962 | medium | — | 5.8 | 13y ago | The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended … | |||
| CVE-2013-4955 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service … | |||
| CVE-2013-4762 | medium | — | 5.8 | 13y ago | Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID. | |||
| CVE-2013-2155 | medium | — | 5.8 | 13y ago | Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-021… | |||
| CVE-2013-0149 | medium | — | 5.8 | 13y ago | The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly valid… | |||
| CVE-2013-4912 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper … | |||
| CVE-2013-4673 | medium | — | 5.8 | 13y ago | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveragin… | |||
| CVE-2013-2993 | medium | — | 5.8 | 13y ago | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the conte… | |||
| CVE-2013-2881 | medium | — | 5.8 | 13y ago | Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||
| CVE-2013-3656 | medium | — | 5.8 | 13y ago | Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | |||
| CVE-2013-2070 | medium | — | 5.8 | 13y ago | http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (c… | |||
| CVE-2013-3813 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix. | |||
| CVE-2013-3798 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached. | |||
| CVE-2013-2879 | medium | — | 5.8 | 13y ago | Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes… | |||
| CVE-2013-3925 | medium | — | 5.8 | 13y ago | Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or… | |||
| CVE-2013-2458 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via… | |||
| CVE-2013-2454 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo… | |||
| CVE-2013-4616 | medium | — | 5.8 | 13y ago | The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK pa… | |||
| CVE-2013-1093 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote at… | |||
| CVE-2013-3641 | medium | — | 5.8 | 13y ago | The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sen… | |||
| CVE-2013-2319 | medium | — | 5.8 | 13y ago | FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via … | |||
| CVE-2013-2317 | medium | — | 5.8 | 13y ago | The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the… | |||
| CVE-2013-2316 | medium | — | 5.8 | 13y ago | The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. | |||
| CVE-2013-1212 | medium | — | 5.8 | 13y ago | The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervi… | |||
| CVE-2013-1208 | medium | — | 5.8 | 13y ago | The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers t… | |||
| CVE-2013-0939 | medium | — | 5.8 | 13y ago | EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive info… | |||
| CVE-2013-0937 | medium | — | 5.8 | 13y ago | Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote… | |||
| CVE-2013-3511 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified … | |||
| CVE-2013-0127 | medium | — | 5.8 | 13y ago | IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java co… | |||
| CVE-2013-1926 | medium | — | 5.8 | 13y ago | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensi… | |||
| CVE-2013-2307 | medium | — | 5.8 | 13y ago | The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2013-2306 | medium | — | 5.8 | 13y ago | The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site. | |||
| CVE-2013-2304 | medium | — | 5.8 | 13y ago | The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger down… | |||
| CVE-2013-0253 | medium | — | 5.8 | 13y ago | The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. | |||
| CVE-2013-2770 | medium | — | 5.8 | 13y ago | The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, whic… | |||
| CVE-2013-0794 | medium | — | 5.8 | 13y ago | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | |||
| CVE-2013-1299 | medium | — | 5.8 | 13y ago | Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message. | |||
| CVE-2013-0677 | medium | — | 5.8 | 13y ago | The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a craft… | |||
| CVE-2013-1856 | medium | — | 5.8 | 13y ago | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is us… | |||
| CVE-2013-1124 | medium | — | 5.8 | 14y ago | The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle att… | |||
| CVE-2013-0772 | medium | — | 5.8 | 14y ago | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory … | |||
| CVE-2013-0751 | medium | — | 5.8 | 14y ago | Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly co… | |||
| CVE-2013-0013 | medium | — | 5.8 | 14y ago | The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle enc… | |||
| CVE-2013-6367 | medium | — | 5.7 | 13y ago | The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash)… | |||
| CVE-2013-6799 | medium | — | 5.7 | 13y ago | Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix f… | |||
| CVE-2013-4551 | medium | — | 5.7 | 13y ago | Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of ser… | |||
| CVE-2013-5184 | medium | — | 5.7 | 13y ago | The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash)… | |||
| CVE-2013-5527 | medium | — | 5.7 | 13y ago | The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030. | |||
| CVE-2013-5499 | medium | — | 5.7 | 13y ago | The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh… | |||
| CVE-2013-2212 | medium | — | 5.7 | 13y ago | The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly… | |||
| CVE-2013-1935 | medium | — | 5.7 | 13y ago | A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest O… | |||
| CVE-2013-1189 | medium | — | 5.7 | 13y ago | Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used, allow remote attackers to cause a denial of service (routing-engine reload) via unspecified chang… | |||
| CVE-2013-3630 | medium | — | 5.6 | 13y ago | Moodle Authenticated Spelling Binary Remote Code Execution | |||
| CVE-2013-3239 | medium | — | 5.6 | 13y ago | phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename… | |||
| CVE-2013-7488 | medium | — | 5.5 | 2y ago | RHSA-2024:3049: perl-Convert-ASN1 security update (Moderate) | |||
| CVE-2013-2104 | medium | — | 5.5 | 4y ago | python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after i… | |||
| CVE-2013-7061 | medium | — | 5.5 | 4y ago | Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | |||
| CVE-2013-7461 | medium | 5.5 | 5.5 | 9y ago | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write… | |||
| CVE-2013-7460 | medium | 5.5 | 5.5 | 9y ago | A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part … | |||
| CVE-2013-5653 | medium | 5.5 | 5.5 | 9y ago | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |||
| CVE-2013-4320 | medium | — | 5.5 | 12y ago | TYPO3 Improper Access Management in the File Abstraction Layer | |||
| CVE-2013-4431 | medium | — | 5.5 | 12y ago | Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an e… | |||
| CVE-2013-4471 | medium | — | 5.5 | 12y ago | The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to chang… | |||
| CVE-2013-5459 | medium | — | 5.5 | 12y ago | Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modi… | |||
| CVE-2013-7195 | medium | — | 5.5 | 12y ago | PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication. | |||
| CVE-2013-4197 | medium | — | 5.5 | 12y ago | member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | |||
| CVE-2013-5890 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality … | |||
| CVE-2013-5897 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote authenticated users to affect … | |||
| CVE-2013-2133 | medium | — | 5.5 | 13y ago | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS S… |