CVEs from 2013
Total
5,687
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1572 | low | — | 2.9 | 14y ago | The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not pr… | |||
| CVE-2013-6398 | low | — | 2.8 | 13y ago | The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions v… | |||
| CVE-2013-1506 | low | — | 2.8 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server… | |||
| CVE-2013-4375 | low | — | 2.7 | 13y ago | The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) v… | |||
| CVE-2013-5875 | low | — | 2.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC). | |||
| CVE-2013-4236 | low | — | 2.7 | 13y ago | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent respons… | |||
| CVE-2013-0167 | low | — | 2.7 | 13y ago | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." | |||
| CVE-2013-4678 | low | — | 2.7 | 13y ago | The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified … | |||
| CVE-2013-4504 | low | — | 2.6 | 12y ago | The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | |||
| CVE-2013-3571 | low | — | 2.6 | 12y ago | socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor co… | |||
| CVE-2013-5951 | low | — | 2.6 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) ap… | |||
| CVE-2013-7078 | low | — | 2.6 | 13y ago | TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework | |||
| CVE-2013-0244 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inj… | |||
| CVE-2013-2037 | low | — | 2.6 | 13y ago | httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the … | |||
| CVE-2013-2139 | low | — | 2.6 | 13y ago | Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from… | |||
| CVE-2013-5808 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the Oracle iPlanet Web Proxy Server component in Oracle Fusion Middleware 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Administrat… | |||
| CVE-2013-5908 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vecto… | |||
| CVE-2013-4065 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2013-4505 | low | — | 2.6 | 13y ago | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a den… | |||
| CVE-2013-2061 | low | — | 2.6 | 13y ago | The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparis… | |||
| CVE-2013-5183 | low | — | 2.6 | 13y ago | Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffin… | |||
| CVE-2013-2236 | low | — | 2.6 | 13y ago | Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allow… | |||
| CVE-2013-5854 | low | — | 2.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2013-5803 | low | — | 2.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40… | |||
| CVE-2013-5772 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to j… | |||
| CVE-2013-2207 | low | — | 2.6 | 13y ago | pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbit… | |||
| CVE-2013-5679 | low | — | 2.6 | 13y ago | Missing Cryptographic Step in OWASP Enterprise Security API for Java | |||
| CVE-2013-5137 | low | — | 2.6 | 13y ago | IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | |||
| CVE-2013-1729 | low | — | 2.6 | 13y ago | The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. | |||
| CVE-2013-2988 | low | — | 2.6 | 13y ago | Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… | |||
| CVE-2013-5587 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket… | |||
| CVE-2013-5315 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote… | |||
| CVE-2013-5309 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web sc… | |||
| CVE-2013-4944 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers t… | |||
| CVE-2013-4877 | low | — | 2.6 | 13y ago | The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and condu… | |||
| CVE-2013-2051 | low | — | 2.6 | 13y ago | The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becom… | |||
| CVE-2013-2318 | low | — | 2.6 | 13y ago | The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allo… | |||
| CVE-2013-2071 | low | — | 2.6 | 13y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |||
| CVE-2013-1897 | low | — | 2.6 | 13y ago | The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anony… | |||
| CVE-2013-1517 | low | — | 2.6 | 13y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vec… | |||
| CVE-2013-0181 | low | — | 2.6 | 13y ago | Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject ar… | |||
| CVE-2013-0158 | low | — | 2.6 | 14y ago | Jenkins allows attackers to obtain the master cryptographic key | |||
| CVE-2013-0466 | low | — | 2.6 | 14y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject… | |||
| CVE-2013-0169 | low | — | 2.6 | 14y ago | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirem… | |||
| CVE-2013-0962 | low | — | 2.6 | 14y ago | Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handle… | |||
| CVE-2013-5791 | low | — | 2.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2013-7393 | low | — | 2.4 | 12y ago | The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil… | |||
| CVE-2013-4262 | low | — | 2.4 | 12y ago | svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i… | |||
| CVE-2013-5762 | low | — | 2.4 | 13y ago | Unspecified vulnerability in the Oracle Siebel CTMS component in Oracle Industry Applications 8.1.1.x allows local users to affect confidentiality and availability via unknown vectors related to SC-O… | |||
| CVE-2013-0420 | low | — | 2.4 | 14y ago | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: Th… | |||
| CVE-2013-4377 | low | — | 2.3 | 13y ago | Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device. | |||
| CVE-2013-0572 | low | — | 2.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, … | |||
| CVE-2013-4463 | low | — | 2.1 | 4y ago | OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumpti… | |||
| CVE-2013-1888 | low | — | 2.1 | 4y ago | pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. | |||
| CVE-2013-7421 | low | — | 2.1 | 11y ago | The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different… | |||
| CVE-2013-6494 | low | — | 2.1 | 12y ago | fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates). | |||
| CVE-2013-6497 | low | — | 2.1 | 12y ago | clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. | |||
| CVE-2013-6223 | low | — | 2.1 | 12y ago | LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. | |||
| CVE-2013-2563 | low | — | 2.1 | 12y ago | Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | |||
| CVE-2013-2562 | low | — | 2.1 | 12y ago | Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-4143 | low | — | 2.1 | 12y ago | The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemen… | |||
| CVE-2013-4380 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "adm… | |||
| CVE-2013-4427 | low | — | 2.1 | 12y ago | pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access … | |||
| CVE-2013-4498 | low | — | 2.1 | 12y ago | The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes t… | |||
| CVE-2013-1810 | low | — | 2.1 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web scrip… | |||
| CVE-2013-4455 | low | — | 2.1 | 12y ago | Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by readi… | |||
| CVE-2013-4503 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTM… | |||
| CVE-2013-4577 | low | — | 2.1 | 12y ago | A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the f… | |||
| CVE-2013-6372 | low | — | 2.1 | 12y ago | Jenkins Subversion Plugin Stores Credentials with Base64 Encoding | |||
| CVE-2013-0345 | low | — | 2.1 | 12y ago | varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. N… | |||
| CVE-2013-7273 | low | — | 2.1 | 12y ago | GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a … | |||
| CVE-2013-7064 | low | — | 2.1 | 12y ago | Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance pop… | |||
| CVE-2013-4285 | low | — | 2.1 | 12y ago | A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory. | |||
| CVE-2013-1764 | low | — | 2.1 | 12y ago | The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. | |||
| CVE-2013-6216 | low | — | 2.1 | 12y ago | Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privile… | |||
| CVE-2013-2033 | low | — | 2.1 | 12y ago | Jenkins vulnerable to Cross-site Scripting | |||
| CVE-2013-3976 | low | — | 2.1 | 12y ago | The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3… | |||
| CVE-2013-2047 | low | — | 2.1 | 12y ago | The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the pas… | |||
| CVE-2013-1822 | low | — | 2.1 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) qu… | |||
| CVE-2013-6493 | low | — | 2.1 | 12y ago | The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a tem… | |||
| CVE-2013-1069 | low | — | 2.1 | 13y ago | Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | |||
| CVE-2013-0346 | low | — | 2.1 | 13y ago | Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor ha… | |||
| CVE-2013-4331 | low | — | 2.1 | 13y ago | Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensit… | |||
| CVE-2013-4383 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject… | |||
| CVE-2013-1853 | low | — | 2.1 | 13y ago | Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. | |||
| CVE-2013-5371 | low | — | 2.1 | 13y ago | The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local … | |||
| CVE-2013-0157 | low | — | 2.1 | 13y ago | (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line … | |||
| CVE-2013-5429 | low | — | 2.1 | 13y ago | The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent … | |||
| CVE-2013-5872 | low | — | 2.1 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD). | |||
| CVE-2013-6436 | low | — | 2.1 | 13y ago | The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to c… | |||
| CVE-2013-4969 | low | — | 2.1 | 13y ago | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | |||
| CVE-2013-6402 | low | — | 2.1 | 13y ago | base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | |||
| CVE-2013-6181 | low | — | 2.1 | 13y ago | EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. | |||
| CVE-2013-2030 | low | — | 2.1 | 13y ago | keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre… | |||
| CVE-2013-6387 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the descri… | |||
| CVE-2013-4452 | low | — | 2.1 | 13y ago | Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other un… | |||
| CVE-2013-4064 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary… | |||
| CVE-2013-4576 | low | — | 2.1 | 13y ago | GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a … | |||
| CVE-2013-5440 | low | — | 2.1 | 13y ago | IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a fail… | |||
| CVE-2013-7128 | low | — | 2.1 | 13y ago | Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows loc… |