CVEs from 2013
Total
5,684
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4043 | medium | — | 5.0 | 13y ago | The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP… | |||
| CVE-2013-6143 | medium | — | 5.0 | 13y ago | The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via ma… | |||
| CVE-2013-6727 | medium | — | 5.0 | 13y ago | The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspeci… | |||
| CVE-2013-6141 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. | |||
| CVE-2013-7299 | medium | — | 5.0 | 13y ago | framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator … | |||
| CVE-2013-7298 | medium | — | 5.0 | 13y ago | query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters. | |||
| CVE-2013-6467 | medium | — | 5.0 | 13y ago | Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||
| CVE-2013-6466 | medium | — | 5.0 | 13y ago | Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||
| CVE-2013-7296 | medium | — | 5.0 | 13y ago | The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial o… | |||
| CVE-2013-6030 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspe… | |||
| CVE-2013-6448 | medium | — | 5.0 | 13y ago | The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restr… | |||
| CVE-2013-6447 | medium | — | 5.0 | 13y ago | Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier… | |||
| CVE-2013-4160 | medium | — | 5.0 | 13y ago | Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) c… | |||
| CVE-2013-1769 | medium | — | 5.0 | 13y ago | A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted m… | |||
| CVE-2013-6425 | medium | — | 5.0 | 13y ago | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) v… | |||
| CVE-2013-6424 | medium | — | 5.0 | 13y ago | Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||
| CVE-2013-6642 | medium | — | 5.0 | 13y ago | Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | |||
| CVE-2013-7294 | medium | — | 5.0 | 13y ago | The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. | |||
| CVE-2013-7293 | medium | — | 5.0 | 13y ago | The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always re… | |||
| CVE-2013-5887 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment. | |||
| CVE-2013-5884 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the pre… | |||
| CVE-2013-5873 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2013-5869 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vec… | |||
| CVE-2013-5853 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2013-5910 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previou… | |||
| CVE-2013-5899 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | |||
| CVE-2013-5896 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previo… | |||
| CVE-2013-5895 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | |||
| CVE-2013-7138 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in t… | |||
| CVE-2013-4564 | medium | — | 5.0 | 13y ago | Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. | |||
| CVE-2013-6953 | medium | — | 5.0 | 13y ago | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | |||
| CVE-2013-4358 | medium | — | 5.0 | 13y ago | libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. | |||
| CVE-2013-7249 | medium | — | 5.0 | 13y ago | Fat Free CRM vulnerable to Exposure of Sensitive Information | |||
| CVE-2013-7222 | medium | — | 5.0 | 13y ago | Fat Free CRM has fixed token value | |||
| CVE-2013-7224 | medium | — | 5.0 | 13y ago | Fat Free CRM allows remote attackers to obtain sensitive information via a direct request | |||
| CVE-2013-4549 | medium | — | 5.0 | 13y ago | QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. | |||
| CVE-2013-2629 | medium | — | 5.0 | 13y ago | Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite action… | |||
| CVE-2013-6735 | medium | — | 5.0 | 13y ago | IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allow… | |||
| CVE-2013-6723 | medium | — | 5.0 | 13y ago | IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive comp… | |||
| CVE-2013-4070 | medium | — | 5.0 | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors. | |||
| CVE-2013-4069 | medium | — | 5.0 | 13y ago | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declara… | |||
| CVE-2013-7114 | medium | — | 5.0 | 13y ago | Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote … | |||
| CVE-2013-7113 | medium | — | 5.0 | 13y ago | epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (applicatio… | |||
| CVE-2013-7112 | medium | — | 5.0 | 13y ago | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote atta… | |||
| CVE-2013-7100 | medium | — | 5.0 | 13y ago | Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones … | |||
| CVE-2013-6701 | medium | — | 5.0 | 13y ago | The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to c… | |||
| CVE-2013-6193 | medium | — | 5.0 | 13y ago | Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers al… | |||
| CVE-2013-6972 | medium | — | 5.0 | 13y ago | Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. | |||
| CVE-2013-6970 | medium | — | 5.0 | 13y ago | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. | |||
| CVE-2013-6968 | medium | — | 5.0 | 13y ago | Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a seri… | |||
| CVE-2013-6965 | medium | — | 5.0 | 13y ago | The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictio… | |||
| CVE-2013-6709 | medium | — | 5.0 | 13y ago | The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join … | |||
| CVE-2013-6411 | medium | — | 5.0 | 13y ago | The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outsi… | |||
| CVE-2013-5107 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to… | |||
| CVE-2013-1364 | medium | — | 5.0 | 13y ago | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. | |||
| CVE-2013-7111 | medium | — | 5.0 | 13y ago | Exposure of Sensitive Information in bio-basespace-sdk | |||
| CVE-2013-7093 | medium | — | 5.0 | 13y ago | SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | |||
| CVE-2013-6809 | medium | — | 5.0 | 13y ago | Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remo… | |||
| CVE-2013-6048 | medium | — | 5.0 | 13y ago | The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) … | |||
| CVE-2013-5676 | medium | — | 5.0 | 13y ago | Jenkins SonarQube Plugin Stores Passwords in Cleartext | |||
| CVE-2013-6052 | medium | — | 5.0 | 13y ago | OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||
| CVE-2013-4458 | medium | — | 5.0 | 13y ago | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (cra… | |||
| CVE-2013-1447 | medium | — | 5.0 | 13y ago | OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other e… | |||
| CVE-2013-6708 | medium | — | 5.0 | 13y ago | Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. | |||
| CVE-2013-3921 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI. | |||
| CVE-2013-6002 | medium | — | 5.0 | 13y ago | The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||
| CVE-2013-6000 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. | |||
| CVE-2013-3708 | medium | — | 5.0 | 13y ago | The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2013-6700 | medium | — | 5.0 | 13y ago | The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | |||
| CVE-2013-6712 | medium | — | 5.0 | 13y ago | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of servi… | |||
| CVE-2013-4617 | medium | — | 5.0 | 13y ago | Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via … | |||
| CVE-2013-3923 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | |||
| CVE-2013-4522 | medium | — | 5.0 | 13y ago | Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2013-0861 | medium | — | 5.0 | 13y ago | The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout. | |||
| CVE-2013-6699 | medium | — | 5.0 | 13y ago | The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a craft… | |||
| CVE-2013-6312 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via … | |||
| CVE-2013-5994 | medium | — | 5.0 | 13y ago | data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full pa… | |||
| CVE-2013-6827 | medium | — | 5.0 | 13y ago | Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter. | |||
| CVE-2013-6821 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-6815 | medium | — | 5.0 | 13y ago | The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to a… | |||
| CVE-2013-4560 | medium | — | 5.0 | 13y ago | Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory fai… | |||
| CVE-2013-4487 | medium | — | 5.0 | 13y ago | Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a r… | |||
| CVE-2013-4466 | medium | — | 5.0 | 13y ago | Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruptio… | |||
| CVE-2013-6630 | medium | — | 5.0 | 13y ago | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during t… | |||
| CVE-2013-6629 | medium | — | 5.0 | 13y ago | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain dup… | |||
| CVE-2013-4034 | medium | — | 5.0 | 13y ago | IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitr… | |||
| CVE-2013-3407 | medium | — | 5.0 | 13y ago | The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information… | |||
| CVE-2013-3030 | medium | — | 5.0 | 13y ago | The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers t… | |||
| CVE-2013-2032 | medium | — | 5.0 | 13y ago | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attacke… | |||
| CVE-2013-6789 | medium | — | 5.0 | 13y ago | security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web… | |||
| CVE-2013-3905 | medium | — | 5.0 | 13y ago | Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configura… | |||
| CVE-2013-3869 | medium | — | 5.0 | 13y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows R… | |||
| CVE-2013-5566 | medium | — | 5.0 | 13y ago | Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Red… | |||
| CVE-2013-5562 | medium | — | 5.0 | 13y ago | The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka … | |||
| CVE-2013-5564 | medium | — | 5.0 | 13y ago | The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, a… | |||
| CVE-2013-5561 | medium | — | 5.0 | 13y ago | The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended… | |||
| CVE-2013-4282 | medium | — | 5.0 | 13y ago | Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. | |||
| CVE-2013-1084 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot do… | |||
| CVE-2013-6076 | medium | — | 5.0 | 13y ago | strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. | |||
| CVE-2013-6075 | medium | — | 5.0 | 13y ago | The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon … |