ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2013-1000 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1001 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1002 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1003 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1004 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1005 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1006 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1007 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1008 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1009 | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or c... | | |
CVE-2013-1010 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1011 | WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra... | | |
CVE-2013-1012 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attack... | | |
CVE-2013-1013 | XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remo... | | |
CVE-2013-1014 | Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-midd... | | |
CVE-2013-1015 | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2013-1016 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or... | | |
CVE-2013-1017 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or... | | |
CVE-2013-1018 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or... | | |
CVE-2013-1019 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or... | | |
CVE-2013-1020 | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2013-1021 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or... | | |
CVE-2013-1022 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or... | | |
CVE-2013-1023 | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or c... | | |
CVE-2013-1024 | CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the pr... | | |
CVE-2013-1025 | Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute a... | | |
CVE-2013-1026 | Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitr... | | |
CVE-2013-1027 | Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation af... | S | |
CVE-2013-1028 | The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify ... | | |
CVE-2013-1029 | The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (pan... | | |
CVE-2013-1030 | mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the comma... | S | |
CVE-2013-1031 | Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences ... | S | |
CVE-2013-1032 | QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause... | | |
CVE-2013-1033 | Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote au... | | |
CVE-2013-1034 | Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2... | | |
CVE-2013-1035 | The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary ... | S | |
CVE-2013-1036 | Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of ... | | |
CVE-2013-1037 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1038 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1039 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1040 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1041 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1042 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1043 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1044 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1045 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1046 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1047 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2013-1048 | The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before... | S | |
CVE-2013-1049 | Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cau... | S | |
CVE-2013-1050 | The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line ... | | |
CVE-2013-1051 | apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allow... | | |
CVE-2013-1052 | pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, wh... | | |
CVE-2013-1053 | Insecure crypto for storing passwords | | |
CVE-2013-1054 | Possible remote DOS in WebApps | E | |
CVE-2013-1055 | Potential DoS through abuse of rate limit in libunity-webapps for Firefox | E | |
CVE-2013-1056 | X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of ser... | | |
CVE-2013-1057 | Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users... | E | |
CVE-2013-1058 | maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which ... | | |
CVE-2013-1059 | net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of s... | | |
CVE-2013-1060 | A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.... | | |
CVE-2013-1061 | dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9... | S | |
CVE-2013-1062 | ubuntu-system-service 0.2.4 before 0.2.4.1, 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not ... | | |
CVE-2013-1063 | usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not... | S | |
CVE-2013-1064 | apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus ... | S | |
CVE-2013-1065 | backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a p... | S | |
CVE-2013-1066 | language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not pr... | S | |
CVE-2013-1067 | Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, whic... | | |
CVE-2013-1068 | The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 be... | S | |
CVE-2013-1069 | Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, wh... | | |
CVE-2013-1070 | Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 ... | E | |
CVE-2013-1071 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1072 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1073 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1074 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1075 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1076 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1077 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1079 | Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShiel... | | |
CVE-2013-1080 | The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does no... | E | |
CVE-2013-1081 | Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.... | | |
CVE-2013-1082 | Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 all... | | |
CVE-2013-1083 | Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Mana... | | |
CVE-2013-1084 | Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Con... | | |
CVE-2013-1085 | Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earl... | | |
CVE-2013-1086 | Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012... | | |
CVE-2013-1087 | Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 20... | | |
CVE-2013-1088 | Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows rem... | | |
CVE-2013-1090 | The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files ... | | |
CVE-2013-1091 | Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute a... | | |
CVE-2013-1092 | Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 ... | | |
CVE-2013-1093 | Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in N... | | |
CVE-2013-1094 | Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configura... | | |
CVE-2013-1095 | Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration ... | | |
CVE-2013-1096 | Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field P... | | |
CVE-2013-1097 | Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration ... | | |
CVE-2013-1099 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1100 | The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which ... | | |
CVE-2013-1102 | The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) dev... | | |
CVE-2013-1103 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0,... | | |
CVE-2013-1104 | The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.10... | | |
CVE-2013-1105 | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7... | | |
CVE-2013-1107 | The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to... | | |
CVE-2013-1108 | Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reserva... | | |
CVE-2013-1109 | Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center te... | | |
CVE-2013-1110 | Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictio... | | |
CVE-2013-1111 | The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does ... | | |
CVE-2013-1112 | Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss... | | |
CVE-2013-1113 | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remot... | | |
CVE-2013-1114 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote a... | | |
CVE-2013-1115 | Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L... | | |
CVE-2013-1116 | Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L... | | |
CVE-2013-1117 | Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before ... | | |
CVE-2013-1118 | Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T2... | | |
CVE-2013-1119 | Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N befor... | | |
CVE-2013-1120 | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software ... | | |
CVE-2013-1121 | The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is conf... | | |
CVE-2013-1122 | Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration i... | | |
CVE-2013-1123 | Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 ... | | |
CVE-2013-1124 | The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of... | | |
CVE-2013-1125 | The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System ... | | |
CVE-2013-1128 | Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPla... | | |
CVE-2013-1129 | Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memo... | | |
CVE-2013-1130 | Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, w... | | |
CVE-2013-1131 | Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attack... | | |
CVE-2013-1132 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager a... | | |
CVE-2013-1133 | Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and ... | | |
CVE-2013-1134 | The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communicati... | | |
CVE-2013-1135 | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote atta... | | |
CVE-2013-1136 | The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does n... | | |
CVE-2013-1137 | Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause... | | |
CVE-2013-1138 | The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause... | | |
CVE-2013-1139 | The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly ... | | |
CVE-2013-1140 | The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote atta... | | |
CVE-2013-1141 | The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.5... | | |
CVE-2013-1142 | Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 all... | | |
CVE-2013-1143 | The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.1.xS through 3... | | |
CVE-2013-1144 | Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remote attackers to cause a denial ... | | |
CVE-2013-1145 | Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based Policy Firewall SIP application... | | |
CVE-2013-1146 | The Smart Install client functionality in Cisco IOS 12.2 and 15.0 through 15.3 on Catalyst switches ... | | |
CVE-2013-1147 | The Protocol Translation (PT) functionality in Cisco IOS 12.3 through 12.4 and 15.0 through 15.3, wh... | | |
CVE-2013-1148 | The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15... | | |
CVE-2013-1149 | Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(... | | |
CVE-2013-1150 | The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with sof... | | |
CVE-2013-1151 | Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(... | | |
CVE-2013-1152 | Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote atta... | | |
CVE-2013-1153 | Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure a... | | |
CVE-2013-1154 | The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Man... | | |
CVE-2013-1155 | The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.... | | |
CVE-2013-1156 | Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows re... | | |
CVE-2013-1157 | Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container i... | | |
CVE-2013-1158 | Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prim... | | |
CVE-2013-1159 | Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Centra... | | |
CVE-2013-1160 | Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted... | | |
CVE-2013-1161 | The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to c... | | |
CVE-2013-1162 | The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a... | | |
CVE-2013-1163 | Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Gr... | | |
CVE-2013-1164 | Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregation Services Routers (ASR) does ... | | |
CVE-2013-1165 | Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregatio... | | |
CVE-2013-1166 | Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggreg... | | |
CVE-2013-1167 | Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (AS... | | |
CVE-2013-1168 | The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 befor... | | |
CVE-2013-1169 | Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patc... | | |
CVE-2013-1170 | The Cisco Prime Network Control System (NCS) appliance with software before 1.1.1.24 has a default p... | | |
CVE-2013-1171 | Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Conn... | | |
CVE-2013-1172 | The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) do... | | |
CVE-2013-1173 | Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mo... | | |
CVE-2013-1174 | Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration Mediation (HCM) in Cisco Hosted... | | |
CVE-2013-1175 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This issue was announ... | R | |
CVE-2013-1176 | The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE ... | | |
CVE-2013-1177 | SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.... | | |
CVE-2013-1178 | Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nex... | | |
CVE-2013-1179 | Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on ... | | |
CVE-2013-1180 | Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5... | | |
CVE-2013-1181 | Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(... | | |
CVE-2013-1182 | The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) b... | | |
CVE-2013-1183 | Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager... | | |
CVE-2013-1184 | The management API in the XML API management service in the Manager component in Cisco Unified Compu... | | |
CVE-2013-1185 | The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x befor... | | |
CVE-2013-1186 | Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attacker... | | |
CVE-2013-1187 | The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not ... | | |
CVE-2013-1188 | Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attem... | | |
CVE-2013-1189 | Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4/IPv6 dual-stack modem is used... | | |
CVE-2013-1190 | The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly res... | | |
CVE-2013-1191 | Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are... | | |
CVE-2013-1192 | The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Mana... | | |
CVE-2013-1193 | The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Ci... | | |
CVE-2013-1194 | The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different re... | | |
CVE-2013-1195 | The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco ... | | |
CVE-2013-1196 | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Sof... | | |
CVE-2013-1197 | The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to ca... | | |
CVE-2013-1198 | Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS... | | |
CVE-2013-1199 | Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component... | | |
CVE-2013-1200 | Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers t... | | |
CVE-2013-1202 | Cisco ACE A2(3.6) allows log retention DoS.... | | |
CVE-2013-1203 | Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service (d... | | |
CVE-2013-1204 | Memory leak in the SNMP process in Cisco IOS XR allows remote attackers to cause a denial of service... | | |
CVE-2013-1205 | The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in al... | | |
CVE-2013-1208 | The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supe... | | |
CVE-2013-1209 | The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM)... | | |
CVE-2013-1210 | Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS ... | | |
CVE-2013-1211 | Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (... | | |
CVE-2013-1212 | The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates,... | | |
CVE-2013-1213 | Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virt... | | |
CVE-2013-1214 | The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manag... | | |
CVE-2013-1215 | The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 dev... | | |
CVE-2013-1216 | Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial o... | | |
CVE-2013-1217 | The generic input/output control implementation in Cisco IOS does not properly manage buffers, which... | | |
CVE-2013-1218 | Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7... | | |
CVE-2013-1219 | SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service... | | |
CVE-2013-1220 | The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 al... | | |
CVE-2013-1221 | The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1... | | |
CVE-2013-1222 | The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1... | | |
CVE-2013-1223 | The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not pro... | | |
CVE-2013-1224 | Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CV... | | |
CVE-2013-1225 | Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to rea... | | |
CVE-2013-1226 | The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote atta... | | |
CVE-2013-1227 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain... | | |
CVE-2013-1228 | Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the... | | |
CVE-2013-1229 | TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit pl... | | |
CVE-2013-1230 | Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CP... | | |
CVE-2013-1231 | The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attacker... | | |
CVE-2013-1232 | The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1... | | |
CVE-2013-1233 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1234 | The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (proc... | | |
CVE-2013-1235 | Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of term... | | |
CVE-2013-1236 | Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of... | | |
CVE-2013-1240 | The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate... | | |
CVE-2013-1241 | The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets... | | |
CVE-2013-1242 | Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attacke... | | |
CVE-2013-1243 | The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and ... | | |
CVE-2013-1244 | Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote au... | | |
CVE-2013-1245 | The user-management page in Cisco WebEx Social relies on client-side validation of values in the Scr... | | |
CVE-2013-1246 | Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows ... | | |
CVE-2013-1247 | Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrast... | | |
CVE-2013-1248 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1249 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1250 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1251 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1252 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1253 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1254 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1255 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1256 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1257 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1258 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1259 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1260 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1261 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1262 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1263 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1264 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1265 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1266 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1267 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1268 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1269 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1270 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1271 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1272 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1273 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1274 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1275 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1276 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1277 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1278 | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows V... | | |
CVE-2013-1279 | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows V... | | |
CVE-2013-1280 | The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows ... | | |
CVE-2013-1281 | The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attacker... | | |
CVE-2013-1282 | The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Dir... | | |
CVE-2013-1283 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... | | |
CVE-2013-1284 | Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows loca... | | |
CVE-2013-1285 | The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vi... | | |
CVE-2013-1286 | The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vi... | | |
CVE-2013-1287 | The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vi... | | |
CVE-2013-1288 | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arb... | | |
CVE-2013-1289 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010... | | |
CVE-2013-1290 | Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not prop... | | |
CVE-2013-1291 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows ... | | |
CVE-2013-1292 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Serv... | | |
CVE-2013-1293 | The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,... | | |
CVE-2013-1294 | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows V... | | |
CVE-2013-1295 | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, V... | | |
CVE-2013-1296 | The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 ... | | |
CVE-2013-1297 | Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which al... | | |
CVE-2013-1298 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1299 | Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mai... | | |
CVE-2013-1300 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | E | |
CVE-2013-1301 | Microsoft Visio 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via ... | | |
CVE-2013-1302 | Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly ... | | |
CVE-2013-1303 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to ... | | |
CVE-2013-1304 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to ... | | |
CVE-2013-1305 | HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to caus... | | |
CVE-2013-1306 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb... | E | |
CVE-2013-1307 | Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execu... | | |
CVE-2013-1308 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to ... | | |
CVE-2013-1309 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to ... | E | |
CVE-2013-1310 | Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execu... | | |
CVE-2013-1311 | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arb... | | |
CVE-2013-1312 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to exec... | | |
CVE-2013-1313 | Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate... | | |
CVE-2013-1314 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1315 | Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 S... | E S | |
CVE-2013-1316 | Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allo... | | |
CVE-2013-1317 | Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code v... | | |
CVE-2013-1318 | Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publish... | | |
CVE-2013-1319 | Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, whic... | | |
CVE-2013-1320 | Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code vi... | | |
CVE-2013-1321 | Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, w... | | |
CVE-2013-1322 | Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers... | | |
CVE-2013-1323 | Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which ... | | |
CVE-2013-1324 | Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013... | | |
CVE-2013-1325 | Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to exec... | | |
CVE-2013-1326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1327 | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrar... | | |
CVE-2013-1328 | Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary co... | | |
CVE-2013-1329 | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrar... | | |
CVE-2013-1330 | The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3... | | |
CVE-2013-1331 | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to exec... | KEV S | |
CVE-2013-1332 | dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Wind... | | |
CVE-2013-1333 | Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local use... | | |
CVE-2013-1334 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | | |
CVE-2013-1335 | Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted... | | |
CVE-2013-1336 | The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does n... | | |
CVE-2013-1337 | Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communi... | | |
CVE-2013-1338 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to ... | | |
CVE-2013-1339 | The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,... | | |
CVE-2013-1340 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | | |
CVE-2013-1341 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | | |
CVE-2013-1342 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | | |
CVE-2013-1343 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | | |
CVE-2013-1344 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | | |
CVE-2013-1345 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, ... | | |
CVE-2013-1346 | mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote... | S | |
CVE-2013-1347 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attack... | KEV E S | |
CVE-2013-1348 | The Yaml::parse function in Symfony 2.0.x before 2.0.22 allows remote attackers to execute arbitrary PHP co... | | |
CVE-2013-1349 | Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execu... | E S | |
CVE-2013-1350 | Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities... | | |
CVE-2013-1351 | Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the clearte... | E | |
CVE-2013-1352 | Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.... | | |
CVE-2013-1353 | Orange HRM 2.7.1 allows XSS via the vacancy name.... | E | |
CVE-2013-1355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2013-1359 | An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management Syst... | E | |
CVE-2013-1360 | An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, ... | E | |
CVE-2013-1361 | Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.... | | |
CVE-2013-1362 | Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 mi... | E | |
CVE-2013-1364 | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to o... | | |
CVE-2013-1365 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1366 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1367 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1368 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1369 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1370 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1371 | Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 1... | | |
CVE-2013-1372 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1373 | Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, be... | | |
CVE-2013-1374 | Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 o... | | |
CVE-2013-1375 | Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on ... | | |
CVE-2013-1376 | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11... | | |
CVE-2013-1377 | Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial... | S | |
CVE-2013-1378 | Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 1... | S | |
CVE-2013-1379 | Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 1... | S | |
CVE-2013-1380 | Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 1... | S | |
CVE-2013-1381 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1383 | Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary co... | S | |
CVE-2013-1384 | Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2013-1385 | Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes... | S | |
CVE-2013-1386 | Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denia... | S | |
CVE-2013-1387 | Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 bef... | | |
CVE-2013-1388 | Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 bef... | | |
CVE-2013-1389 | Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 be... | | |
CVE-2013-1391 | Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV,... | E | |
CVE-2013-1393 | Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal a... | | |
CVE-2013-1397 | Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allows remote attackers to execute arbitrary PHP... | | |
CVE-2013-1398 | The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access t... | | |
CVE-2013-1399 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) l... | | |
CVE-2013-1400 | Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress all... | E | |
CVE-2013-1401 | Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll ... | E | |
CVE-2013-1402 | DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote att... | E | |
CVE-2013-1405 | VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMwar... | | |
CVE-2013-1406 | The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation ... | | |
CVE-2013-1407 | Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Ev... | E S | |
CVE-2013-1408 | Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress a... | E | |
CVE-2013-1409 | Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows... | E | |
CVE-2013-1410 | Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities... | E | |
CVE-2013-1412 | DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] pa... | E S | |
CVE-2013-1413 | Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 ... | | |
CVE-2013-1414 | Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall... | E | |
CVE-2013-1415 | The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT i... | S | |
CVE-2013-1416 | The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos... | S | |
CVE-2013-1417 | do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, w... | E S | |
CVE-2013-1418 | The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (ak... | S | |
CVE-2013-1420 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attac... | E | |
CVE-2013-1421 | Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other... | E S | |
CVE-2013-1422 | webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").... | | |
CVE-2013-1423 | (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4)... | | |
CVE-2013-1425 | ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.... | S | |
CVE-2013-1426 | Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to ... | S | |
CVE-2013-1427 | The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux cr... | | |
CVE-2013-1428 | Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 ... | | |
CVE-2013-1429 | Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using cr... | | |
CVE-2013-1430 | An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp se... | S | |
CVE-2013-1431 | The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "l... | S | |
CVE-2013-1432 | Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pag... | S | |
CVE-2013-1433 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1434 | Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8... | S | |
CVE-2013-1435 | (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary com... | S | |
CVE-2013-1436 | The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execut... | E S | |
CVE-2013-1437 | Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote at... | | |
CVE-2013-1438 | Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and othe... | | |
CVE-2013-1439 | The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-depende... | E S | |
CVE-2013-1441 | econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which all... | S | |
CVE-2013-1442 | Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data fro... | | |
CVE-2013-1443 | The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4,... | S | |
CVE-2013-1444 | A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows lo... | | |
CVE-2013-1445 | The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-rando... | E S | |
CVE-2013-1447 | OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or... | | |
CVE-2013-1450 | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy addres... | E | |
CVE-2013-1451 | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy addres... | E | |
CVE-2013-1453 | plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows... | E | |
CVE-2013-1454 | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors... | | |
CVE-2013-1455 | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors... | | |
CVE-2013-1461 | The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1... | | |
CVE-2013-1462 | Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP ser... | | |
CVE-2013-1463 | Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded... | E S | |
CVE-2013-1464 | Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.... | S | |
CVE-2013-1465 | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows re... | E S | |
CVE-2013-1466 | Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attack... | E S | |
CVE-2013-1468 | Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4... | E | |
CVE-2013-1469 | Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to r... | E | |
CVE-2013-1470 | Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog bef... | E S | |
CVE-2013-1471 | Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail befo... | E | |
CVE-2013-1472 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows ... | | |
CVE-2013-1473 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug... | | |
CVE-2013-1474 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows ... | | |
CVE-2013-1475 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug... | | |
CVE-2013-1476 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug... | | |
CVE-2013-1477 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows ... | | |
CVE-2013-1478 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug... | | |
CVE-2013-1479 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug... | | |
CVE-2013-1480 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug... | | |
CVE-2013-1481 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 throug... | | |
CVE-2013-1482 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows ... | | |
CVE-2013-1483 | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows ... | | |
CVE-2013-1484 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2013-1485 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2013-1486 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | S | |
CVE-2013-1487 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 an... | | |
CVE-2013-1488 | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK ... | | |
CVE-2013-1489 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1490 | Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remo... | | |
CVE-2013-1491 | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 ... | | |
CVE-2013-1492 | Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecif... | | |
CVE-2013-1493 | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earli... | E | |
CVE-2013-1494 | Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local u... | S | |
CVE-2013-1495 | asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify... | | |
CVE-2013-1496 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability ... | S | |
CVE-2013-1497 | Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3... | | |
CVE-2013-1498 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability ... | S | |
CVE-2013-1499 | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unk... | | |
CVE-2013-1500 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1501 | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows... | | |
CVE-2013-1502 | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local user... | | |
CVE-2013-1503 | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1... | | |
CVE-2013-1504 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2... | | |
CVE-2013-1505 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1506 | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and ear... | | |
CVE-2013-1507 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability ... | S | |
CVE-2013-1508 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products... | | |
CVE-2013-1509 | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2,... | | |
CVE-2013-1510 | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 ... | S | |
CVE-2013-1511 | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote au... | | |
CVE-2013-1512 | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to af... | | |
CVE-2013-1513 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2013-1514 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10... | | |
CVE-2013-1515 | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products... | | |
CVE-2013-1516 | Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1... | | |
CVE-2013-1517 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su... | | |
CVE-2013-1518 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1519 | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.... | | |
CVE-2013-1520 | Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Indu... | | |
CVE-2013-1521 | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote au... | | |
CVE-2013-1522 | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1... | | |
CVE-2013-1523 | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote au... | | |
CVE-2013-1524 | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su... | | |
CVE-2013-1525 | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applicat... | | |
CVE-2013-1526 | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to af... | | |
CVE-2013-1527 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2013-1528 | Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6,... | | |
CVE-2013-1529 | Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware ... | | |
CVE-2013-1530 | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unk... | S | |
CVE-2013-1531 | Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote au... | | |
CVE-2013-1532 | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and ear... | | |
CVE-2013-1533 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1534 | Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 1... | | |
CVE-2013-1535 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1536 | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain P... | | |
CVE-2013-1537 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1538 | Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2... | | |
CVE-2013-1539 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1540 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1541 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1542 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10... | | |
CVE-2013-1543 | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 ... | | |
CVE-2013-1544 | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and ear... | | |
CVE-2013-1545 | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, ... | | |
CVE-2013-1546 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1547 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1548 | Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to af... | | |
CVE-2013-1549 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1550 | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr... | | |
CVE-2013-1551 | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebe... | | |
CVE-2013-1552 | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote au... | | |
CVE-2013-1553 | Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 1... | | |
CVE-2013-1554 | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.... | | |
CVE-2013-1555 | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote ... | | |
CVE-2013-1556 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1557 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1558 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1559 | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1... | | |
CVE-2013-1560 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1561 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1562 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1563 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1564 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1565 | Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.... | | |
CVE-2013-1566 | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to af... | | |
CVE-2013-1567 | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to af... | | |
CVE-2013-1568 | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Servic... | | |
CVE-2013-1569 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | | |
CVE-2013-1570 | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect avail... | | |
CVE-2013-1571 | Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Upda... | E S | |
CVE-2013-1572 | The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE... | | |
CVE-2013-1573 | The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark... | | |
CVE-2013-1574 | The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI di... | | |
CVE-2013-1575 | The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector i... | | |
CVE-2013-1576 | The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wir... | | |
CVE-2013-1577 | The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissec... | | |
CVE-2013-1578 | The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1... | | |
CVE-2013-1579 | The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshar... | S | |
CVE-2013-1580 | The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissec... | | |
CVE-2013-1581 | The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector... | | |
CVE-2013-1582 | The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x ... | | |
CVE-2013-1583 | The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector i... | | |
CVE-2013-1584 | The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN disse... | | |
CVE-2013-1585 | epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate cer... | | |
CVE-2013-1586 | The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x be... | | |
CVE-2013-1587 | The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wiresh... | | |
CVE-2013-1588 | Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan... | | |
CVE-2013-1589 | Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 ... | S | |
CVE-2013-1590 | Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 all... | | |
CVE-2013-1591 | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other produc... | E S | |
CVE-2013-1592 | A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() functio... | E | |
CVE-2013-1593 | A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP... | E | |
CVE-2013-1594 | An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a a... | E | |
CVE-2013-1595 | A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially c... | E | |
CVE-2013-1596 | An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specia... | E | |
CVE-2013-1597 | A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specia... | E | |
CVE-2013-1598 | A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system... | E | |
CVE-2013-1599 | A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Camera... | E | |
CVE-2013-1600 | An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Lin... | E | |
CVE-2013-1601 | An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi s... | E | |
CVE-2013-1602 | An Information Disclosure vulnerability exists due to insufficient validation of authentication cook... | E | |
CVE-2013-1603 | An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS... | E | |
CVE-2013-1604 | Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allo... | E | |
CVE-2013-1605 | Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attacker... | E | |
CVE-2013-1606 | Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmwar... | E | |
CVE-2013-1607 | Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability... | | |
CVE-2013-1608 | Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) applianc... | | |
CVE-2013-1609 | Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHo... | | |
CVE-2013-1610 | Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2... | | |
CVE-2013-1611 | Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the managem... | | |
CVE-2013-1612 | Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEP... | | |
CVE-2013-1613 | SQL injection vulnerability in the management console (aka Java console) on the Symantec Security In... | | |
CVE-2013-1614 | Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on ... | | |
CVE-2013-1615 | The management console (aka Java console) on the Symantec Security Information Manager (SSIM) applia... | | |
CVE-2013-1616 | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attack... | | |
CVE-2013-1617 | Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) a... | | |
CVE-2013-1618 | The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks ... | | |
CVE-2013-1619 | The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does no... | E S | |
CVE-2013-1620 | The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing ... | | |
CVE-2013-1621 | Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a... | S | |
CVE-2013-1622 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is not... | R | |
CVE-2013-1623 | The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side... | | |
CVE-2013-1624 | The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does ... | | |
CVE-2013-1627 | Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Adva... | | |
CVE-2013-1628 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2013-1629 | pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integri... | E S | |
CVE-2013-1630 | pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform in... | | |
CVE-2013-1631 | Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action... | E | |
CVE-2013-1633 | easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and d... | | |
CVE-2013-1634 | A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L ... | | |
CVE-2013-1635 | ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship betw... | | |
CVE-2013-1636 | Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash... | E S | |
CVE-2013-1637 | Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM event... | | |
CVE-2013-1638 | Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG... | | |
CVE-2013-1639 | Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote ... | | |
CVE-2013-1640 | The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7... | | |
CVE-2013-1641 | Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allow... | E | |
CVE-2013-1642 | Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attacker... | E | |
CVE-2013-1643 | The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitra... | | |
CVE-2013-1645 | Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, a... | E | |
CVE-2013-1646 | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22... | | |
CVE-2013-1647 | Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before re... | E | |
CVE-2013-1648 | The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.... | E | |
CVE-2013-1649 | Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt... | | |
CVE-2013-1650 | Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak perm... | E | |
CVE-2013-1651 | OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 d... | E | |
CVE-2013-1652 | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.... | | |
CVE-2013-1653 | Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.... | | |
CVE-2013-1654 | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does no... | | |
CVE-2013-1655 | Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote a... | | |
CVE-2013-1656 | Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitra... | E | |
CVE-2013-1659 | VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi ... | | |
CVE-2013-1660 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-1661 | VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy ... | | |
CVE-2013-1662 | vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on De... | | |
CVE-2013-1664 | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, ... | E | |
CVE-2013-1665 | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex a... | S | |
CVE-2013-1666 | Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.... | | |
CVE-2013-1667 | The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a deni... | | |
CVE-2013-1668 | The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to e... | E | |
CVE-2013-1669 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remo... | | |
CVE-2013-1670 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x befo... | E | |
CVE-2013-1671 | Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attac... | | |
CVE-2013-1672 | The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thun... | | |
CVE-2013-1673 | The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Mai... | | |
CVE-2013-1674 | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunder... | | |
CVE-2013-1675 | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderb... | KEV E | |
CVE-2013-1676 | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x befo... | | |
CVE-2013-1677 | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x befor... | | |
CVE-2013-1678 | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 1... | | |
CVE-2013-1679 | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firef... | | |
CVE-2013-1680 | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0,... | | |
CVE-2013-1681 | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox ... | | |
CVE-2013-1682 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox E... | | |
CVE-2013-1683 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remo... | | |
CVE-2013-1684 | Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable funct... | | |
CVE-2013-1685 | Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 2... | | |
CVE-2013-1686 | Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firef... | | |
CVE-2013-1687 | The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox bef... | | |
CVE-2013-1688 | The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering... | | |
CVE-2013-1689 | Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), rel... | E | |
CVE-2013-1690 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderb... | KEV | |
CVE-2013-1692 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderb... | | |
CVE-2013-1693 | The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunde... | | |
CVE-2013-1694 | The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, T... | | |
CVE-2013-1695 | Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for th... | | |
CVE-2013-1696 | Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, whic... | | |
CVE-2013-1697 | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thund... | | |
CVE-2013-1698 | The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a to... | | |
CVE-2013-1699 | The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not pr... | | |
CVE-2013-1700 | The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle i... | | |
CVE-2013-1701 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox E... | | |
CVE-2013-1702 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMon... | | |
CVE-2013-1703 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-1704 | Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 a... | | |
CVE-2013-1705 | Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox befor... | | |
CVE-2013-1706 | Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla ... | | |
CVE-2013-1707 | Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x befo... | | |
CVE-2013-1708 | Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of se... | | |
CVE-2013-1709 | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ... | | |
CVE-2013-1710 | The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0... | | |
CVE-2013-1711 | The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not pro... | | |
CVE-2013-1712 | Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox ... | | |
CVE-2013-1713 | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ... | | |
CVE-2013-1714 | The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thund... | | |
CVE-2013-1715 | Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in M... | | |
CVE-2013-1717 | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ... | | |
CVE-2013-1718 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox E... | | |
CVE-2013-1719 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbi... | | |
CVE-2013-1720 | The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox ... | | |
CVE-2013-1721 | Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Lay... | | |
CVE-2013-1722 | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Ma... | | |
CVE-2013-1723 | The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2... | | |
CVE-2013-1724 | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function i... | | |
CVE-2013-1725 | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ES... | | |
CVE-2013-1726 | Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 2... | | |
CVE-2013-1727 | Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and conseq... | | |
CVE-2013-1728 | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonk... | | |
CVE-2013-1729 | The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Ma... | | |
CVE-2013-1730 | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ES... | | |
CVE-2013-1731 | Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 o... | | |
CVE-2013-1732 | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ... | | |
CVE-2013-1733 | Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 al... | E S | |
CVE-2013-1734 | Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x be... | E S | |
CVE-2013-1735 | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox b... | | |
CVE-2013-1736 | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17... | | |
CVE-2013-1737 | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ES... | | |
CVE-2013-1738 | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.... | | |
CVE-2013-1739 | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initi... | | |
CVE-2013-1740 | The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) b... | E | |
CVE-2013-1741 | Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attacke... | | |
CVE-2013-1742 | Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4... | E S | |
CVE-2013-1743 | Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before... | | |
CVE-2013-1744 | IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.... | E | |
CVE-2013-1747 | channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion fail... | | |
CVE-2013-1748 | Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute a... | E | |
CVE-2013-1749 | Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted ... | E | |
CVE-2013-1750 | Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through... | | |
CVE-2013-1751 | TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted ... | S | |
CVE-2013-1752 | Rejected reason: Various versions of Python do not properly restrict readline calls, which allows re... | R | |
CVE-2013-1753 | The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attack... | S | |
CVE-2013-1756 | The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, a... | | |
CVE-2013-1758 | Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows... | E | |
CVE-2013-1759 | Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allow... | E | |
CVE-2013-1760 | The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities... | | |
CVE-2013-1762 | stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, do... | | |
CVE-2013-1763 | Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel be... | E S | |
CVE-2013-1764 | The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages vi... | S | |
CVE-2013-1765 | Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for Word... | | |
CVE-2013-1766 | libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to ... | | |
CVE-2013-1767 | Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel befo... | E S | |
CVE-2013-1768 | The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates loca... | | |
CVE-2013-1769 | A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows... | S | |
CVE-2013-1770 | Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attack... | E S | |
CVE-2013-1771 | The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on Gentoo.... | | |
CVE-2013-1772 | The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly r... | | |
CVE-2013-1773 | Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local us... | E | |
CVE-2013-1774 | The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local ... | | |
CVE-2013-1775 | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximat... | E S | |
CVE-2013-1776 | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not ... | | |
CVE-2013-1777 | The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Applica... | S | |
CVE-2013-1778 | Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal all... | S | |
CVE-2013-1779 | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 fo... | S | |
CVE-2013-1780 | Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Dru... | S | |
CVE-2013-1781 | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x... | S | |
CVE-2013-1782 | Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Dru... | S | |
CVE-2013-1783 | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Busine... | S | |
CVE-2013-1784 | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 fo... | S | |
CVE-2013-1785 | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme befo... | S | |
CVE-2013-1786 | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 ... | S | |
CVE-2013-1787 | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before... | S | |
CVE-2013-1788 | poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and po... | E S | |
CVE-2013-1789 | splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of se... | E S | |
CVE-2013-1790 | poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified... | E S | |
CVE-2013-1791 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-1792 | Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux ke... | | |
CVE-2013-1793 | openstack-utils openstack-db has insecure password creation... | | |
CVE-2013-1794 | Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated user... | | |
CVE-2013-1795 | Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of se... | | |
CVE-2013-1796 | The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ens... | S | |
CVE-2013-1797 | Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS... | | |
CVE-2013-1798 | The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not pr... | E S | |
CVE-2013-1799 | Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91 does not properly validate S... | | |
CVE-2013-1800 | The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which mi... | E S | |
CVE-2013-1801 | The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which... | E S | |
CVE-2013-1802 | The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which ... | E S | |
CVE-2013-1803 | Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execut... | | |
CVE-2013-1804 | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attack... | | |
CVE-2013-1805 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1806. Reason: This issue was... | R | |
CVE-2013-1806 | Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated... | E S | |
CVE-2013-1807 | PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted director... | E S | |
CVE-2013-1808 | Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboa... | E | |
CVE-2013-1809 | Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform syml... | S | |
CVE-2013-1810 | Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow... | | |
CVE-2013-1811 | An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change... | | |
CVE-2013-1812 | The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of servic... | E S | |
CVE-2013-1813 | util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creatin... | E S | |
CVE-2013-1814 | The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticat... | E | |
CVE-2013-1815 | PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure dire... | E | |
CVE-2013-1816 | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of servic... | | |
CVE-2013-1817 | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allow... | | |
CVE-2013-1818 | maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary fi... | | |
CVE-2013-1819 | The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate bl... | | |
CVE-2013-1820 | tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned... | | |
CVE-2013-1821 | lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a d... | | |
CVE-2013-1822 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote auth... | | |
CVE-2013-1823 | Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Man... | E | |
CVE-2013-1824 | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitra... | S | |
CVE-2013-1825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2546, CVE-2013-2547, CVE-20... | R | |
CVE-2013-1826 | The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not pr... | | |
CVE-2013-1827 | net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a de... | E S | |
CVE-2013-1828 | The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does ... | E S | |
CVE-2013-1829 | calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requireme... | S | |
CVE-2013-1830 | user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4... | S | |
CVE-2013-1831 | lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before ... | S | |
CVE-2013-1832 | repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ... | S | |
CVE-2013-1833 | Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through ... | S | |
CVE-2013-1834 | notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before ... | S | |
CVE-2013-1835 | Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows rem... | S | |
CVE-2013-1836 | Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not p... | | |
CVE-2013-1837 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-1838 | OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a ... | | |
CVE-2013-1839 | The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.... | | |
CVE-2013-1840 | The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-t... | | |
CVE-2013-1841 | Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to t... | | |
CVE-2013-1842 | SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.... | | |
CVE-2013-1843 | Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x bef... | | |
CVE-2013-1844 | Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbi... | | |
CVE-2013-1845 | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8... | | |
CVE-2013-1846 | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8... | | |
CVE-2013-1847 | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.... | | |
CVE-2013-1848 | fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain ci... | E S | |
CVE-2013-1849 | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.... | | |
CVE-2013-1850 | Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in app... | | |
CVE-2013-1851 | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5... | | |
CVE-2013-1852 | SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPr... | E | |
CVE-2013-1853 | Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users t... | | |
CVE-2013-1854 | The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x bef... | | |
CVE-2013-1855 | The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action... | | |
CVE-2013-1856 | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support... | | |
CVE-2013-1857 | The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pac... | | |
CVE-2013-1858 | The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a com... | E | |
CVE-2013-1859 | The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the config... | | |
CVE-2013-1860 | Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Lin... | E S | |
CVE-2013-1861 | MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and ... | E | |
CVE-2013-1862 | mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to... | S | |
CVE-2013-1863 | Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writabl... | S | |
CVE-2013-1864 | The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not proper... | E S | |
CVE-2013-1865 | OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI toke... | | |
CVE-2013-1866 | OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability... | | |
CVE-2013-1867 | Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability... | | |
CVE-2013-1868 | Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to c... | | |
CVE-2013-1869 | CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite ... | S | |
CVE-2013-1870 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1869. Reason: This candida... | R | |
CVE-2013-1871 | Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network ... | S | |
CVE-2013-1872 | The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of ser... | | |
CVE-2013-1873 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2634, CVE-2013-2635, CVE-201... | R | |
CVE-2013-1874 | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arb... | | |
CVE-2013-1875 | command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary comman... | | |
CVE-2013-1876 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2615. Reason: This candida... | R | |
CVE-2013-1877 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2616. Reason: This candida... | R | |
CVE-2013-1878 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2617. Reason: This candida... | R | |
CVE-2013-1879 | Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allow... | | |
CVE-2013-1880 | Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web applicat... | E | |
CVE-2013-1881 | GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document conta... | | |
CVE-2013-1883 | Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of ... | E S | |
CVE-2013-1884 | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers... | | |
CVE-2013-1885 | Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red ... | | |
CVE-2013-1886 | Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (... | | |
CVE-2013-1887 | Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for D... | S | |
CVE-2013-1888 | pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the... | S | |
CVE-2013-1889 | mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass s... | | |
CVE-2013-1890 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote att... | | |
CVE-2013-1891 | In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and ... | E | |
CVE-2013-1892 | MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper ... | E | |
CVE-2013-1893 | SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote... | | |
CVE-2013-1894 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2561. Reason: This candidate... | R | |
CVE-2013-1895 | The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which ... | | |
CVE-2013-1896 | mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled... | E S | |
CVE-2013-1897 | The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20... | | |
CVE-2013-1898 | lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitr... | | |
CVE-2013-1899 | Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x bef... | | |
CVE-2013-1900 | PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, whe... | | |
CVE-2013-1901 | PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges,... | | |
CVE-2013-1902 | PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.... | | |
CVE-2013-1903 | PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.1... | | |
CVE-2013-1904 | Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 a... | S | |
CVE-2013-1905 | Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal a... | S | |
CVE-2013-1906 | Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allow... | | |
CVE-2013-1907 | The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, do... | | |
CVE-2013-1908 | The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, do... | S | |
CVE-2013-1909 | The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domai... | S | |
CVE-2013-1910 | yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and... | | |
CVE-2013-1911 | lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary comma... | E | |
CVE-2013-1912 | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is... | | |
CVE-2013-1913 | Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP... | | |
CVE-2013-1914 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Libr... | | |
CVE-2013-1915 | ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intr... | S | |
CVE-2013-1916 | In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and i... | E S | |
CVE-2013-1917 | Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using ... | | |
CVE-2013-1918 | Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, whi... | | |
CVE-2013-1919 | Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain client... | | |
CVE-2013-1920 | Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Se... | S | |
CVE-2013-1921 | PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users... | | |
CVE-2013-1922 | qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the heade... | | |
CVE-2013-1923 | rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI au... | | |
CVE-2013-1924 | Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to ... | | |
CVE-2013-1925 | The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict no... | S | |
CVE-2013-1926 | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets wi... | | |
CVE-2013-1927 | The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitr... | | |
CVE-2013-1928 | The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspe... | | |
CVE-2013-1929 | Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in th... | E S | |
CVE-2013-1930 | MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close is... | | |
CVE-2013-1931 | A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbi... | S | |
CVE-2013-1932 | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) ... | | |
CVE-2013-1933 | The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-doc... | | |
CVE-2013-1934 | A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) ... | S | |
CVE-2013-1935 | A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red... | | |
CVE-2013-1936 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-1937 | Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x... | E | |
CVE-2013-1938 | Zimbra 2013 has XSS in aspell.php... | E S | |
CVE-2013-1939 | The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as use... | | |
CVE-2013-1940 | X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input even... | | |
CVE-2013-1941 | The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.... | | |
CVE-2013-1942 | Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF comp... | E S | |
CVE-2013-1943 | The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specifi... | S | |
CVE-2013-1944 | The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the pat... | | |
CVE-2013-1945 | ruby193 uses an insecure LD_LIBRARY_PATH setting.... | | |
CVE-2013-1946 | The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 fo... | S | |
CVE-2013-1947 | kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands ... | | |
CVE-2013-1948 | converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrar... | | |
CVE-2013-1949 | Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced... | E | |
CVE-2013-1950 | The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial ... | | |
CVE-2013-1951 | A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and a... | | |
CVE-2013-1952 | Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the s... | | |
CVE-2013-1953 | Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context... | | |
CVE-2013-1954 | The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remo... | E | |
CVE-2013-1955 | Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy ... | | |
CVE-2013-1956 | The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not che... | | |
CVE-2013-1957 | The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict... | | |
CVE-2013-1958 | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly en... | | |
CVE-2013-1959 | kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requir... | E | |
CVE-2013-1960 | Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and e... | | |
CVE-2013-1961 | Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 a... | | |
CVE-2013-1962 | The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 al... | | |
CVE-2013-1963 | The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ... | | |
CVE-2013-1964 | Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive g... | | |
CVE-2013-1965 | Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote ... | | |
CVE-2013-1966 | Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted... | | |
CVE-2013-1967 | Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, ... | E S | |
CVE-2013-1968 | Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial... | | |
CVE-2013-1969 | Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow con... | E | |
CVE-2013-1970 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1969. Reason: This candida... | R | |
CVE-2013-1971 | Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authe... | | |
CVE-2013-1972 | Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6... | | |
CVE-2013-1973 | The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) ... | S | |
CVE-2013-1976 | The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomca... | | |
CVE-2013-1977 | OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to ob... | E | |
CVE-2013-1978 | Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) pl... | | |
CVE-2013-1979 | The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid ... | | |
CVE-2013-1980 | Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote... | E S | |
CVE-2013-1981 | Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigg... | | |
CVE-2013-1982 | Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation ... | S | |
CVE-2013-1983 | Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insuff... | | |
CVE-2013-1984 | Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of... | | |
CVE-2013-1985 | Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of in... | | |
CVE-2013-1986 | Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocatio... | | |
CVE-2013-1987 | Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocati... | | |
CVE-2013-1988 | Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation ... | | |
CVE-2013-1989 | Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of... | | |
CVE-2013-1990 | Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation ... | | |
CVE-2013-1991 | Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocat... | | |
CVE-2013-1992 | Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation o... | | |
CVE-2013-1993 | Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allo... | | |
CVE-2013-1994 | Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earli... | | |
CVE-2013-1995 | X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a bu... | | |
CVE-2013-1996 | X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a bu... | | |
CVE-2013-1997 | Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause ... | | |
CVE-2013-1998 | Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of serv... | | |
CVE-2013-1999 | Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (cr... | | |