CVEs from 2013

- Total: 5,684
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%

Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3056 | medium | — | 4.0 | 13y ago | Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vecto… | |||
| CVE-2013-1234 | medium | — | 4.0 | 13y ago | The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. | |||
| CVE-2013-1846 | medium | — | 4.0 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash… | |||
| CVE-2013-0305 | medium | — | 4.0 | 13y ago | The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated a… | |||
| CVE-2013-1216 | medium | — | 4.0 | 13y ago | Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. | |||
| CVE-2013-0544 | medium | — | 4.0 | 13y ago | Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux… | |||
| CVE-2013-1416 | medium | — | 4.0 | 13y ago | The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allow… | |||
| CVE-2013-2441 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors rela… | |||
| CVE-2013-2410 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Ab… | |||
| CVE-2013-2399 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Serv… | |||
| CVE-2013-2392 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server… | |||
| CVE-2013-2389 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||
| CVE-2013-2385 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vec… | |||
| CVE-2013-2376 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | |||
| CVE-2013-2374 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vecto… | |||
| CVE-2013-1568 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 6.2.0 allows remote authenticated users to affect avail… | |||
| CVE-2013-1562 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity via vectors r… | |||
| CVE-2013-1555 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | |||
| CVE-2013-1544 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data M… | |||
| CVE-2013-1543 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI … | |||
| CVE-2013-1536 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknow… | |||
| CVE-2013-1532 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Inform… | |||
| CVE-2013-1527 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via unknown… | |||
| CVE-2013-1526 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | |||
| CVE-2013-1525 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality via unknown v… | |||
| CVE-2013-1516 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Impo… | |||
| CVE-2013-1514 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support. | |||
| CVE-2013-1512 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | |||
| CVE-2013-0416 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vecto… | |||
| CVE-2013-0470 | medium | — | 4.0 | 13y ago | HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by list… | |||
| CVE-2013-1901 | medium | — | 4.0 | 13y ago | PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) … | |||
| CVE-2013-2761 | medium | — | 4.0 | 13y ago | The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZill… | |||
| CVE-2013-0454 | medium | — | 4.0 | 13y ago | The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS sh… | |||
| CVE-2013-1834 | medium | — | 4.0 | 13y ago | Moodle allows remote authenticated users to reassign notes | |||
| CVE-2013-1832 | medium | — | 4.0 | 13y ago | Moodle includes the WebDAV password in the configuration form | |||
| CVE-2013-1829 | medium | — | 4.0 | 13y ago | calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain pot… | |||
| CVE-2013-0679 | medium | — | 4.0 | 13y ago | Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files v… | |||
| CVE-2013-0678 | medium | — | 4.0 | 13y ago | Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated… | |||
| CVE-2013-0676 | medium | — | 4.0 | 13y ago | Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote auth… | |||
| CVE-2013-0671 | medium | — | 4.0 | 13y ago | Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. | |||
| CVE-2013-0669 | medium | — | 4.0 | 13y ago | The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. | |||
| CVE-2013-0715 | medium | — | 4.0 | 13y ago | The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. | |||
| CVE-2013-2275 | medium | — | 4.0 | 13y ago | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows r… | |||
| CVE-2013-0331 | medium | — | 4.0 | 13y ago | Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload | |||
| CVE-2013-0330 | medium | — | 4.0 | 13y ago | Jenkins allows Remote Users to Build Arbitrary Jobs | |||
| CVE-2013-0168 | medium | — | 4.0 | 13y ago | The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to … | |||
| CVE-2013-1774 | medium | — | 4.0 | 14y ago | The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /de… | |||
| CVE-2013-1772 | medium | — | 4.0 | 14y ago | The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (… | |||
| CVE-2013-1139 | medium | — | 4.0 | 14y ago | The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a cra… | |||
| CVE-2013-0212 | medium | — | 4.0 | 14y ago | OpenStack Glance logs user name and password in cleartext | |||
| CVE-2013-0467 | medium | — | 4.0 | 14y ago | IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL. | |||
| CVE-2013-2506 | medium | — | 4.0 | 14y ago | spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles | |||
| CVE-2013-0776 | medium | — | 4.0 | 14y ago | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the ad… | |||
| CVE-2013-1624 | medium | — | 4.0 | 14y ago | Improper Input Validation in Bouncy Castle | |||
| CVE-2013-1619 | medium | — | 4.0 | 14y ago | The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the pr… | |||
| CVE-2013-1618 | medium | — | 4.0 | 14y ago | The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attack… | |||
| CVE-2013-1107 | medium | — | 4.0 | 14y ago | The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. | |||
| CVE-2013-0443 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-1450 | medium | — | 4.0 | 14y ago | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy se… | |||
| CVE-2013-1110 | medium | — | 4.0 | 14y ago | Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu8106… | |||
| CVE-2013-1108 | medium | — | 4.0 | 14y ago | Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. | |||
| CVE-2013-0395 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Secu… | |||
| CVE-2013-0371 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. | |||
| CVE-2013-0368 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||
| CVE-2013-0367 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | |||
| CVE-2013-0365 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||
| CVE-2013-3918 | unknown | — | 2.5 | 8mo ago | Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a sp… | |||
| CVE-2013-3893 | unknown | — | 2.5 | 10mo ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users shoul… | |||
| CVE-2013-3163 | unknown | — | 2.5 | 3y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | |||
| CVE-2013-6282 | unknown | — | 2.5 | 4y ago | The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory whi… | |||
| CVE-2013-2094 | unknown | — | 2.5 | 4y ago | Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for pri… | |||
| CVE-2013-0431 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | |||
| CVE-2013-0422 | unknown | — | 2.5 | 4y ago | A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | |||
| CVE-2013-0074 | unknown | — | 2.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application. | |||
| CVE-2013-2423 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | |||
| CVE-2013-7331 | unknown | — | 2.5 | 4y ago | An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applicat… | |||
| CVE-2013-3896 | unknown | — | 2.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application. | |||
| CVE-2013-2251 | unknown | — | 2.5 | 4y ago | Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | |||
| CVE-2013-2465 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related … | |||
| CVE-2013-1690 | unknown | — | 2.5 | 4y ago | Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execu… | |||
| CVE-2013-2551 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. | |||
| CVE-2013-2729 | unknown | — | 2.5 | 4y ago | Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. | |||
| CVE-2013-3660 | unknown | — | 2.5 | 4y ago | The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to ga… | |||
| CVE-2013-5223 | unknown | — | 2.5 | 4y ago | A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. | |||
| CVE-2013-4810 | unknown | — | 2.5 | 4y ago | HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet … | |||
| CVE-2013-0629 | unknown | — | 2.5 | 4y ago | Adobe ColdFusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. | |||
| CVE-2013-0625 | unknown | — | 2.5 | 4y ago | Adobe ColdFusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. | |||
| CVE-2013-0640 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution. | |||
| CVE-2013-3897 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code. | |||
| CVE-2013-0632 | unknown | — | 2.5 | 4y ago | An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access. | |||
| CVE-2013-5065 | unknown | — | 2.5 | 4y ago | Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. | |||
| CVE-2013-1347 | unknown | — | 2.5 | 4y ago | This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. | |||
| CVE-2013-3346 | unknown | — | 2.5 | 4y ago | Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service. | |||
| CVE-2013-3906 | unknown | — | 2.5 | 4y ago | Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. | |||
| CVE-2013-0648 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-0643 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-2597 | unknown | — | 1.5 | 4y ago | The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products s… | |||
| CVE-2013-2596 | unknown | — | 1.5 | 4y ago | Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. | |||
| CVE-2013-1331 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document. | |||
| CVE-2013-3993 | unknown | — | 1.5 | 4y ago | Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. |