CVEs from 2013
- Total: 5,687
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-0386 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | |||
| CVE-2013-0384 | medium | — | 6.8 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to I… | |||
| CVE-2013-0836 | medium | — | 6.8 | 14y ago | Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash)… | |||
| CVE-2013-0828 | medium | — | 6.8 | 14y ago | The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attacke… | |||
| CVE-2013-0747 | medium | — | 6.8 | 14y ago | The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMon… | |||
| CVE-2013-1608 | medium | — | 6.7 | 13y ago | Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-3734 | medium | 6.6 | 6.6 | 9y ago | The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive… | |||
| CVE-2013-2598 | medium | — | 6.6 | 12y ago | app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite s… | |||
| CVE-2013-6685 | medium | — | 6.6 | 13y ago | The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its… | |||
| CVE-2013-5175 | medium | — | 6.6 | 13y ago | The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||
| CVE-2013-5506 | medium | — | 6.6 | 13y ago | The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or mo… | |||
| CVE-2013-5163 | medium | — | 6.6 | 13y ago | Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vecto… | |||
| CVE-2013-4651 | medium | — | 6.6 | 13y ago | Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-… | |||
| CVE-2013-2786 | medium | — | 6.6 | 13y ago | Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse … | |||
| CVE-2013-3399 | medium | — | 6.6 | 13y ago | Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vectors that leverage incorrect memory allocation, aka… | |||
| CVE-2013-0687 | medium | — | 6.6 | 13y ago | The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and conseq… | |||
| CVE-2013-1173 | medium | — | 6.6 | 13y ago | Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vec… | |||
| CVE-2013-1172 | medium | — | 6.6 | 13y ago | The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, … | |||
| CVE-2013-1762 | medium | — | 6.6 | 13y ago | stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary… | |||
| CVE-2013-0310 | medium | — | 6.6 | 14y ago | The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have u… | |||
| CVE-2013-0400 | medium | — | 6.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs. | |||
| CVE-2013-0399 | medium | — | 6.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount. | |||
| CVE-2013-0385 | medium | — | 6.6 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to… | |||
| CVE-2013-0270 | medium | 6.5 | 6.5 | 4y ago | A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This … | |||
| CVE-2013-7449 | medium | 6.5 | 6.5 | 10y ago | The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows m… | |||
| CVE-2013-7447 | medium | 6.5 | 6.5 | 10y ago | Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, all… | |||
| CVE-2013-7418 | medium | — | 6.5 | 12y ago | cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be expl… | |||
| CVE-2013-6311 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-5465 | medium | — | 6.5 | 12y ago | IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; S… | |||
| CVE-2013-4016 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027… | |||
| CVE-2013-4321 | medium | — | 6.5 | 12y ago | TYPO3 vulnerable to remote authenticated arbitrary code execution | |||
| CVE-2013-4250 | medium | — | 6.5 | 12y ago | TYPO3 doesn't properly check file extensions | |||
| CVE-2013-4546 | medium | — | 6.5 | 12y ago | The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. | |||
| CVE-2013-0187 | medium | — | 6.5 | 12y ago | Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. | |||
| CVE-2013-7354 | medium | 6.5 | 6.5 | 12y ago | Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which tr… | |||
| CVE-2013-7353 | medium | 6.5 | 6.5 | 12y ago | Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash)… | |||
| CVE-2013-6469 | medium | — | 6.5 | 12y ago | JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these d… | |||
| CVE-2013-6212 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors. | |||
| CVE-2013-7196 | medium | — | 6.5 | 12y ago | static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[it… | |||
| CVE-2013-6468 | medium | — | 6.5 | 12y ago | JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or… | |||
| CVE-2013-7344 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue … | |||
| CVE-2013-0303 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: th… | |||
| CVE-2013-4058 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary… | |||
| CVE-2013-2048 | medium | — | 6.5 | 12y ago | ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF t… | |||
| CVE-2013-1850 | medium | — | 6.5 | 12y ago | Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to ex… | |||
| CVE-2013-4189 | medium | — | 6.5 | 12y ago | Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users w… | |||
| CVE-2013-2046 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2013-2045 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-1893 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the cont… | |||
| CVE-2013-6720 | medium | — | 6.5 | 12y ago | Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authent… | |||
| CVE-2013-6331 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in Algo… | |||
| CVE-2013-6302 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in Algo… | |||
| CVE-2013-5012 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecif… | |||
| CVE-2013-4662 | medium | — | 6.5 | 13y ago | CiviCRM SQL injection vulnerability via Quick Search API | |||
| CVE-2013-2747 | medium | — | 6.5 | 13y ago | The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary c… | |||
| CVE-2013-6931 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than … | |||
| CVE-2013-6930 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x b… | |||
| CVE-2013-7175 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) C… | |||
| CVE-2013-7108 | medium | — | 6.5 | 13y ago | Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information… | |||
| CVE-2013-7106 | medium | — | 6.5 | 13y ago | Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbit… | |||
| CVE-2013-6954 | medium | 6.5 | 6.5 | 13y ago | The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (… | |||
| CVE-2013-7242 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix p… | |||
| CVE-2013-6983 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | |||
| CVE-2013-6929 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | |||
| CVE-2013-7225 | medium | — | 6.5 | 13y ago | Fat Free CRM vulnerable to SQL Injection | |||
| CVE-2013-7075 | medium | — | 6.5 | 13y ago | TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component | |||
| CVE-2013-4404 | medium | — | 6.5 | 13y ago | cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform… | |||
| CVE-2013-5409 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-7092 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) eve… | |||
| CVE-2013-6001 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-6176 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publ… | |||
| CVE-2013-5688 | medium | — | 6.5 | 13y ago | Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) i… | |||
| CVE-2013-4489 | medium | — | 6.5 | 13y ago | GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed | |||
| CVE-2013-5525 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a… | |||
| CVE-2013-4396 | medium | — | 6.5 | 13y ago | Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon … | |||
| CVE-2013-5381 | medium | — | 6.5 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2013-4027 | medium | — | 6.5 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-4021 | medium | — | 6.5 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors. | |||
| CVE-2013-4017 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3973 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3047 | medium | — | 6.5 | 13y ago | IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2013-0451 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4222 | medium | — | 6.5 | 13y ago | OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users … | |||
| CVE-2013-4329 | medium | — | 6.5 | 13y ago | The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows loca… | |||
| CVE-2013-4619 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_ra… | |||
| CVE-2013-5003 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pm… | |||
| CVE-2013-3033 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecifi… | |||
| CVE-2013-3437 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud8… | |||
| CVE-2013-3412 | medium | — | 6.5 | 13y ago | SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug I… | |||
| CVE-2013-3402 | medium | — | 6.5 | 13y ago | An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | |||
| CVE-2013-3789 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integ… | |||
| CVE-2013-3763 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vec… | |||
| CVE-2013-4650 | medium | — | 6.5 | 13y ago | MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. | |||
| CVE-2013-2984 | medium | — | 6.5 | 13y ago | Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors. | |||
| CVE-2013-2982 | medium | — | 6.5 | 13y ago | IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors. | |||
| CVE-2013-0560 | medium | — | 6.5 | 13y ago | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecif… | |||
| CVE-2013-4604 | medium | — | 6.5 | 13y ago | Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by … | |||
| CVE-2013-4609 | medium | — | 6.5 | 13y ago | REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restr… | |||
| CVE-2013-2970 | medium | — | 6.5 | 13y ago | Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vec… | |||
| CVE-2013-3315 | medium | — | 6.5 | 13y ago | The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vecto… |