CVEs from 2013

- Total: 5,687
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3585 | medium | — | 6.0 | 13y ago | Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file … | |||
| CVE-2013-3369 | medium | — | 6.0 | 13y ago | Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via un… | |||
| CVE-2013-4230 | medium | — | 6.0 | 13y ago | The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authe… | |||
| CVE-2013-2160 | medium | — | 6.0 | 13y ago | Missing XML Validation in Apache CXF | |||
| CVE-2013-3319 | medium | — | 6.0 | 13y ago | The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | |||
| CVE-2013-3992 | medium | — | 6.0 | 13y ago | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-4124 | medium | — | 6.0 | 13y ago | Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (… | |||
| CVE-2013-3724 | medium | — | 6.0 | 13y ago | The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. | |||
| CVE-2013-4671 | medium | — | 6.0 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of un… | |||
| CVE-2013-3786 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |||
| CVE-2013-2765 | medium | — | 6.0 | 13y ago | The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request … | |||
| CVE-2013-4098 | medium | — | 6.0 | 13y ago | ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter. | |||
| CVE-2013-4097 | medium | — | 6.0 | 13y ago | ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error … | |||
| CVE-2013-4093 | medium | — | 6.0 | 13y ago | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/Asyn… | |||
| CVE-2013-4092 | medium | — | 6.0 | 13y ago | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a sess… | |||
| CVE-2013-2323 | medium | — | 6.0 | 13y ago | HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "… | |||
| CVE-2013-4615 | medium | — | 6.0 | 13y ago | The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/… | |||
| CVE-2013-3575 | medium | — | 6.0 | 13y ago | hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/front… | |||
| CVE-2013-4074 | medium | — | 6.0 | 13y ago | The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an er… | |||
| CVE-2013-2851 | medium | — | 6.0 | 13y ago | Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string … | |||
| CVE-2013-2059 | medium | — | 6.0 | 13y ago | OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, w… | |||
| CVE-2013-0145 | medium | — | 6.0 | 13y ago | Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request. | |||
| CVE-2013-3336 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors. | |||
| CVE-2013-1884 | medium | — | 6.0 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval… | |||
| CVE-2013-1847 | medium | — | 6.0 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an … | |||
| CVE-2013-3063 | medium | — | 6.0 | 13y ago | SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||
| CVE-2013-2419 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allow… | |||
| CVE-2013-2398 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknow… | |||
| CVE-2013-1551 | medium | — | 6.0 | 13y ago | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and a… | |||
| CVE-2013-1861 | medium | — | 6.0 | 13y ago | MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers… | |||
| CVE-2013-0489 | medium | — | 6.0 | 13y ago | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators. | |||
| CVE-2013-0335 | medium | — | 6.0 | 13y ago | OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM t… | |||
| CVE-2013-0332 | medium | — | 6.0 | 13y ago | Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. | |||
| CVE-2013-1863 | medium | — | 6.0 | 13y ago | Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, … | |||
| CVE-2013-0226 | medium | — | 6.0 | 13y ago | The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the "view shortcuts" permission to r… | |||
| CVE-2013-0206 | medium | — | 6.0 | 13y ago | Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to e… | |||
| CVE-2013-0477 | medium | — | 6.0 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product … | |||
| CVE-2013-1402 | medium | — | 6.0 | 14y ago | DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_… | |||
| CVE-2013-0701 | medium | — | 6.0 | 14y ago | SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. | |||
| CVE-2013-0238 | medium | — | 6.0 | 14y ago | The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes… | |||
| CVE-2013-0415 | medium | — | 6.0 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind packag… | |||
| CVE-2013-7440 | medium | 5.9 | 5.9 | 10y ago | The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof serve… | |||
| CVE-2013-6673 | medium | 5.9 | 5.9 | 13y ago | Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it e… | |||
| CVE-2013-4394 | medium | — | 5.9 | 13y ago | The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the … | |||
| CVE-2013-3661 | medium | — | 5.9 | 13y ago | The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Se… | |||
| CVE-2013-0411 | medium | — | 5.9 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration. | |||
| CVE-2013-1909 | medium | — | 5.8 | 4y ago | The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |||
| CVE-2013-6078 | medium | — | 5.8 | 12y ago | The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which mak… | |||
| CVE-2013-4596 | medium | — | 5.8 | 12y ago | The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | |||
| CVE-2013-4347 | medium | — | 5.8 | 12y ago | The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess… | |||
| CVE-2013-6444 | medium | — | 5.8 | 12y ago | PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… | |||
| CVE-2013-6418 | medium | — | 5.8 | 12y ago | PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. | |||
| CVE-2013-7065 | medium | — | 5.8 | 12y ago | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the … | |||
| CVE-2013-4723 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites … | |||
| CVE-2013-6456 | medium | — | 5.8 | 12y ago | The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the contain… | |||
| CVE-2013-0740 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the … | |||
| CVE-2013-2694 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the… | |||
| CVE-2013-2044 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redir… | |||
| CVE-2013-6442 | medium | — | 5.8 | 12y ago | The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass … | |||
| CVE-2013-4195 | medium | — | 5.8 | 12y ago | Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attac… | |||
| CVE-2013-4191 | medium | — | 5.8 | 12y ago | zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to o… | |||
| CVE-2013-6666 | medium | — | 5.8 | 12y ago | The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Shar… | |||
| CVE-2013-4286 | medium | — | 5.8 | 12y ago | Apache Tomcat is vulnerable to HTTP request-smuggling | |||
| CVE-2013-4420 | medium | — | 5.8 | 13y ago | Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (d… | |||
| CVE-2013-6396 | medium | — | 5.8 | 13y ago | The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and… | |||
| CVE-2013-7328 | medium | — | 5.8 | 13y ago | Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive inf… | |||
| CVE-2013-6722 | medium | — | 5.8 | 13y ago | Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a deni… | |||
| CVE-2013-6728 | medium | — | 5.8 | 13y ago | The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary di… | |||
| CVE-2013-1740 | medium | — | 5.8 | 13y ago | The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to sp… | |||
| CVE-2013-7255 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-6450 | medium | — | 5.8 | 13y ago | The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t… | |||
| CVE-2013-6812 | medium | — | 5.8 | 13y ago | The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted… | |||
| CVE-2013-6006 | medium | — | 5.8 | 13y ago | Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||
| CVE-2013-7080 | medium | — | 5.8 | 13y ago | TYPO3 is vulnerable to Mass Assignment in the Extension table administration library | |||
| CVE-2013-7079 | medium | — | 5.8 | 13y ago | TYPO3 OpenID extension Open redirect vulnerability | |||
| CVE-2013-4046 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2013-7067 | medium | — | 5.8 | 13y ago | The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictio… | |||
| CVE-2013-6966 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. | |||
| CVE-2013-6971 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. | |||
| CVE-2013-6967 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified v… | |||
| CVE-2013-6959 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. | |||
| CVE-2013-7085 | medium | — | 5.8 | 13y ago | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | |||
| CVE-2013-6391 | medium | — | 5.8 | 13y ago | The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to … | |||
| CVE-2013-5611 | medium | — | 5.8 | 13y ago | Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing… | |||
| CVE-2013-6171 | medium | — | 5.8 | 13y ago | checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attachin… | |||
| CVE-2013-6389 | medium | — | 5.8 | 13y ago | Drupal has open redirect vulnerability in the Overlay module | |||
| CVE-2013-6918 | medium | — | 5.8 | 13y ago | The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" sett… | |||
| CVE-2013-1058 | medium | — | 5.8 | 13y ago | maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack. | |||
| CVE-2013-5999 | medium | — | 5.8 | 13y ago | Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information … | |||
| CVE-2013-6174 | medium | — | 5.8 | 13y ago | Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Ed… | |||
| CVE-2013-6814 | medium | — | 5.8 | 13y ago | The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPP… | |||
| CVE-2013-6802 | medium | — | 5.8 | 13y ago | Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at Pa… | |||
| CVE-2013-5606 | medium | — | 5.8 | 13y ago | The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when… | |||
| CVE-2013-6798 | medium | — | 5.8 | 13y ago | BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive … | |||
| CVE-2013-6077 | medium | — | 5.8 | 13y ago | Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | |||
| CVE-2013-5431 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway… | |||
| CVE-2013-6020 | medium | — | 5.8 | 13y ago | passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remot… | |||
| CVE-2013-5189 | medium | — | 5.8 | 13y ago | Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictio… | |||
| CVE-2013-4390 | medium | — | 5.8 | 13y ago | Apache Sling Auth Core bundle vulnerable to Open Redirection | |||
| CVE-2013-5761 | medium | — | 5.8 | 13y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vector… |