ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2013-4000 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 ... | | |
CVE-2013-4001 | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to h... | | |
CVE-2013-4002 | XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment... | S | |
CVE-2013-4003 | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x ... | | |
CVE-2013-4004 | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application ... | | |
CVE-2013-4005 | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application ... | | |
CVE-2013-4006 | IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for ... | | |
CVE-2013-4007 | Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with ... | | |
CVE-2013-4011 | Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.... | | |
CVE-2013-4012 | IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does no... | S | |
CVE-2013-4013 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows r... | | |
CVE-2013-4014 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 befor... | | |
CVE-2013-4015 | Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in ... | | |
CVE-2013-4016 | SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7... | | |
CVE-2013-4017 | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attacke... | | |
CVE-2013-4018 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows re... | | |
CVE-2013-4019 | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 be... | | |
CVE-2013-4020 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows r... | | |
CVE-2013-4021 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows re... | | |
CVE-2013-4022 | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Opt... | | |
CVE-2013-4024 | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Opt... | | |
CVE-2013-4025 | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Opt... | | |
CVE-2013-4027 | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows r... | | |
CVE-2013-4030 | Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers suppo... | | |
CVE-2013-4031 | The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module ... | | |
CVE-2013-4032 | The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise S... | | |
CVE-2013-4033 | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 all... | | |
CVE-2013-4034 | IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 befo... | | |
CVE-2013-4035 | IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote atta... | | |
CVE-2013-4036 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product... | | |
CVE-2013-4037 | The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in ... | | |
CVE-2013-4038 | The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module ... | | |
CVE-2013-4039 | IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users ... | | |
CVE-2013-4040 | IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x before 7.2.1.5 and 7.2.x before ... | S | |
CVE-2013-4041 | Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7,... | | |
CVE-2013-4042 | Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP... | | |
CVE-2013-4043 | The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 ... | | |
CVE-2013-4044 | IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows re... | | |
CVE-2013-4045 | Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Dep... | | |
CVE-2013-4046 | Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 I... | | |
CVE-2013-4047 | Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, ... | | |
CVE-2013-4048 | Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, ... | | |
CVE-2013-4049 | Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.... | | |
CVE-2013-4050 | Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM D... | | |
CVE-2013-4051 | Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8... | | |
CVE-2013-4052 | Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Applica... | | |
CVE-2013-4053 | The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 be... | | |
CVE-2013-4054 | Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows rem... | | |
CVE-2013-4055 | Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8... | | |
CVE-2013-4056 | Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer... | | |
CVE-2013-4057 | Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server... | | |
CVE-2013-4058 | Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7... | | |
CVE-2013-4059 | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through... | | |
CVE-2013-4061 | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to t... | | |
CVE-2013-4062 | IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, w... | | |
CVE-2013-4063 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x be... | | |
CVE-2013-4064 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x be... | | |
CVE-2013-4065 | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x be... | | |
CVE-2013-4066 | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to... | | |
CVE-2013-4067 | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to... | | |
CVE-2013-4068 | Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authen... | S | |
CVE-2013-4069 | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 an... | | |
CVE-2013-4070 | The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 an... | | |
CVE-2013-4073 | The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7... | | |
CVE-2013-4074 | The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wires... | E | |
CVE-2013-4075 | epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does ... | | |
CVE-2013-4076 | Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP diss... | | |
CVE-2013-4077 | Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to c... | | |
CVE-2013-4078 | epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate ... | | |
CVE-2013-4079 | The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector... | | |
CVE-2013-4080 | The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa ... | | |
CVE-2013-4081 | The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wir... | | |
CVE-2013-4082 | The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before ... | S | |
CVE-2013-4083 | The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark... | S | |
CVE-2013-4088 | Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x... | | |
CVE-2013-4090 | Varnish HTTP cache before 3.0.4: ACL bug... | E S | |
CVE-2013-4091 | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not... | | |
CVE-2013-4092 | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows c... | | |
CVE-2013-4093 | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows r... | | |
CVE-2013-4094 | The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva... | | |
CVE-2013-4095 | plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva Secu... | | |
CVE-2013-4096 | ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users ... | | |
CVE-2013-4097 | ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sens... | | |
CVE-2013-4098 | ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary ... | | |
CVE-2013-4099 | Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow cont... | E | |
CVE-2013-4100 | Cryptocat before 2.0.22 has Remote Denial of Service via username... | | |
CVE-2013-4101 | Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness... | | |
CVE-2013-4102 | Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness... | | |
CVE-2013-4103 | Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input... | | |
CVE-2013-4104 | Cryptocat before 2.0.22 has weak encryption in the Socialist Millionaire Protocol... | | |
CVE-2013-4105 | Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure... | | |
CVE-2013-4106 | A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat bef... | | |
CVE-2013-4107 | Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting... | | |
CVE-2013-4108 | Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and a... | | |
CVE-2013-4109 | An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165... | | |
CVE-2013-4110 | Cryptocat has an Unspecified Chat Participant User List Disclosure... | | |
CVE-2013-4111 | The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the... | | |
CVE-2013-4112 | The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows rem... | | |
CVE-2013-4113 | ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote att... | | |
CVE-2013-4114 | The automatic update request in Nagstamon before 0.9.10 uses a cleartext base64 format for transmis... | | |
CVE-2013-4115 | Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 t... | S | |
CVE-2013-4116 | lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary fil... | S | |
CVE-2013-4117 | Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Galle... | | |
CVE-2013-4118 | FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer derefe... | S | |
CVE-2013-4119 | FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL poin... | S | |
CVE-2013-4120 | Katello has a Denial of Service vulnerability in API OAuth authentication... | | |
CVE-2013-4121 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-4122 | Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon a... | E S | |
CVE-2013-4123 | client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers t... | S | |
CVE-2013-4124 | Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.2... | S | |
CVE-2013-4125 | The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.... | E S | |
CVE-2013-4126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-4127 | Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Lin... | E S | |
CVE-2013-4128 | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by... | | |
CVE-2013-4129 | The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a cert... | E S | |
CVE-2013-4130 | The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_c... | S | |
CVE-2013-4131 | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1... | | |
CVE-2013-4132 | KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt a... | | |
CVE-2013-4133 | kde-workspace before 4.10.5 has a memory leak in plasma desktop... | E S | |
CVE-2013-4134 | OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Ke... | | |
CVE-2013-4135 | The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrit... | | |
CVE-2013-4136 | ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to ... | | |
CVE-2013-4137 | Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attacker... | S | |
CVE-2013-4138 | Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows... | S | |
CVE-2013-4139 | The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a den... | S | |
CVE-2013-4140 | Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Dr... | S | |
CVE-2013-4141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4125. Reason: This candida... | R | |
CVE-2013-4142 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3969. Reason: This candida... | R | |
CVE-2013-4143 | The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properl... | | |
CVE-2013-4144 | There is an object injection vulnerability in the swfupload plugin for WordPress.... | | |
CVE-2013-4145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candida... | R | |
CVE-2013-4146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate... | R | |
CVE-2013-4147 | Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow contex... | | |
CVE-2013-4148 | Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1... | S | |
CVE-2013-4149 | Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1... | S | |
CVE-2013-4150 | The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows ... | S | |
CVE-2013-4151 | The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to exec... | S | |
CVE-2013-4152 | The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller... | E S | |
CVE-2013-4153 | Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 th... | E S | |
CVE-2013-4154 | The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows ... | E S | |
CVE-2013-4155 | OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a de... | | |
CVE-2013-4156 | Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory ... | | |
CVE-2013-4157 | Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) ... | S | |
CVE-2013-4158 | smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)... | | |
CVE-2013-4159 | ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspec... | | |
CVE-2013-4160 | Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attac... | | |
CVE-2013-4161 | gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was imprope... | | |
CVE-2013-4162 | The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux ke... | | |
CVE-2013-4163 | The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux ke... | E S | |
CVE-2013-4164 | Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1... | E S | |
CVE-2013-4165 | The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentic... | | |
CVE-2013-4166 | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier... | S | |
CVE-2013-4167 | Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote atta... | | |
CVE-2013-4168 | Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.... | | |
CVE-2013-4169 | GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary dire... | S | |
CVE-2013-4170 | In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that... | S | |
CVE-2013-4171 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attac... | S | |
CVE-2013-4172 | The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby c... | | |
CVE-2013-4173 | Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 a... | S | |
CVE-2013-4174 | Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for D... | E S | |
CVE-2013-4175 | MySecureShell 1.31 has a Local Denial of Service Vulnerability... | E | |
CVE-2013-4176 | mysecureshell 1.31: Local Information Disclosure Vulnerability... | E | |
CVE-2013-4177 | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal d... | S | |
CVE-2013-4178 | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal a... | | |
CVE-2013-4179 | The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, a... | E S | |
CVE-2013-4180 | The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote a... | S | |
CVE-2013-4181 | Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in ... | | |
CVE-2013-4182 | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access... | S | |
CVE-2013-4183 | The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 do... | S | |
CVE-2013-4184 | Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks... | | |
CVE-2013-4185 | Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before h... | E S | |
CVE-2013-4186 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-4187 | The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, whic... | | |
CVE-2013-4188 | traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote at... | S | |
CVE-2013-4189 | Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plo... | S | |
CVE-2013-4190 | Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) reque... | S | |
CVE-2013-4191 | zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enfo... | S | |
CVE-2013-4192 | sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authe... | S | |
CVE-2013-4193 | typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not prope... | S | |
CVE-2013-4194 | The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through ... | S | |
CVE-2013-4195 | Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiare... | S | |
CVE-2013-4196 | The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, ... | S | |
CVE-2013-4197 | member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows rem... | S | |
CVE-2013-4198 | mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remot... | S | |
CVE-2013-4199 | (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x t... | S | |
CVE-2013-4200 | The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x throug... | S | |
CVE-2013-4201 | Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vecto... | | |
CVE-2013-4202 | The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in... | S | |
CVE-2013-4203 | The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows rem... | E S | |
CVE-2013-4204 | Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google ... | S | |
CVE-2013-4205 | Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.1... | E S | |
CVE-2013-4206 | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH... | S | |
CVE-2013-4207 | Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of servi... | | |
CVE-2013-4208 | The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use a... | | |
CVE-2013-4209 | Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information ... | | |
CVE-2013-4210 | The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBo... | | |
CVE-2013-4211 | A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.... | E | |
CVE-2013-4212 | Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote a... | E S | |
CVE-2013-4213 | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by... | | |
CVE-2013-4214 | rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows ... | | |
CVE-2013-4215 | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain p... | | |
CVE-2013-4216 | The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceMo... | | |
CVE-2013-4217 | The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osa... | | |
CVE-2013-4218 | The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/Supplican... | | |
CVE-2013-4219 | Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX... | | |
CVE-2013-4220 | The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 pla... | E S | |
CVE-2013-4221 | The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes obj... | S | |
CVE-2013-4222 | OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does ... | | |
CVE-2013-4223 | The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/rem... | | |
CVE-2013-4224 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4187. Reason: This candidate... | R | |
CVE-2013-4225 | The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupa... | S | |
CVE-2013-4226 | The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not pr... | | |
CVE-2013-4227 | Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module... | S | |
CVE-2013-4228 | The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before... | | |
CVE-2013-4229 | Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Dru... | E S | |
CVE-2013-4230 | The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-... | S | |
CVE-2013-4231 | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of servic... | | |
CVE-2013-4232 | Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff ... | S | |
CVE-2013-4233 | Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier all... | E | |
CVE-2013-4234 | Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in l... | E | |
CVE-2013-4235 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees... | | |
CVE-2013-4236 | VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host ... | | |
CVE-2013-4237 | sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-... | S | |
CVE-2013-4238 | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle... | S | |
CVE-2013-4239 | The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authe... | E S | |
CVE-2013-4240 | Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0... | | |
CVE-2013-4241 | Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for... | E | |
CVE-2013-4242 | GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, ... | | |
CVE-2013-4243 | Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and ea... | S | |
CVE-2013-4244 | The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent atta... | S | |
CVE-2013-4245 | Orca has arbitrary code execution due to insecure Python module load... | | |
CVE-2013-4246 | libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users ... | S | |
CVE-2013-4247 | Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel bef... | E S | |
CVE-2013-4248 | The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x be... | | |
CVE-2013-4249 | Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.... | E S | |
CVE-2013-4250 | The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6... | | |
CVE-2013-4251 | The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.... | S | |
CVE-2013-4252 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-4253 | The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Opensh... | S | |
CVE-2013-4254 | The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the... | S | |
CVE-2013-4255 | The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attribu... | | |
CVE-2013-4256 | Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local... | E S | |
CVE-2013-4257 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4256. Reason: This issue w... | R | |
CVE-2013-4258 | Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (N... | E | |
CVE-2013-4259 | runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local us... | S | |
CVE-2013-4260 | lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an... | S | |
CVE-2013-4261 | OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, d... | E S | |
CVE-2013-4262 | svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foregro... | | |
CVE-2013-4263 | libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "p... | | |
CVE-2013-4264 | The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers... | E S | |
CVE-2013-4265 | The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact a... | E S | |
CVE-2013-4266 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5123. Reason: This candida... | R | |
CVE-2013-4267 | AjaXplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharact... | S | |
CVE-2013-4268 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4267. Reason: This issue was... | R | |
CVE-2013-4269 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4267. Reason: This issue was... | R | |
CVE-2013-4270 | The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not prop... | E S | |
CVE-2013-4271 | The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes obj... | S | |
CVE-2013-4272 | The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before... | S | |
CVE-2013-4273 | The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node co... | S | |
CVE-2013-4274 | Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_poli... | E S | |
CVE-2013-4275 | Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen t... | E | |
CVE-2013-4276 | Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remo... | S | |
CVE-2013-4277 | Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to ove... | | |
CVE-2013-4278 | The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not proper... | S | |
CVE-2013-4279 | imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (i... | E | |
CVE-2013-4280 | Insecure temporary file vulnerability in Red Hat vdsm 4.9.6.... | E | |
CVE-2013-4281 | In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem f... | S | |
CVE-2013-4282 | Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allo... | E S | |
CVE-2013-4283 | ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service... | S | |
CVE-2013-4284 | Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (... | | |
CVE-2013-4285 | A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, whi... | | |
CVE-2013-4286 | Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or ... | | |
CVE-2013-4287 | Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in ... | S | |
CVE-2013-4288 | Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restriction... | S | |
CVE-2013-4289 | Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to... | | |
CVE-2013-4290 | Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified imp... | E | |
CVE-2013-4291 | The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the dom... | S | |
CVE-2013-4292 | libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a l... | | |
CVE-2013-4293 | The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows... | | |
CVE-2013-4294 | The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Gri... | S | |
CVE-2013-4295 | The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive info... | S | |
CVE-2013-4296 | The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0... | S | |
CVE-2013-4297 | The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote ... | E S | |
CVE-2013-4298 | The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to c... | E | |
CVE-2013-4299 | Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows... | E S | |
CVE-2013-4300 | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability... | E S | |
CVE-2013-4301 | includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1... | E S | |
CVE-2013-4302 | (1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedre... | S | |
CVE-2013-4303 | includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x befo... | E S | |
CVE-2013-4304 | The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x befor... | E S | |
CVE-2013-4305 | Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extensi... | E S | |
CVE-2013-4306 | Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extens... | S | |
CVE-2013-4307 | Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase ... | S | |
CVE-2013-4308 | Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT)... | S | |
CVE-2013-4309 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-4310 | Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted... | S | |
CVE-2013-4311 | libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local ... | S | |
CVE-2013-4312 | The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial... | | |
CVE-2013-4313 | Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not preve... | S | |
CVE-2013-4314 | The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain n... | | |
CVE-2013-4315 | Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before... | S | |
CVE-2013-4316 | Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown... | S | |
CVE-2013-4317 | In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a ... | | |
CVE-2013-4318 | File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious ... | E | |
CVE-2013-4319 | pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x... | S | |
CVE-2013-4320 | The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properl... | | |
CVE-2013-4321 | The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote au... | | |
CVE-2013-4322 | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer... | | |
CVE-2013-4323 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-4324 | spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_... | | |
CVE-2013-4325 | The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.... | | |
CVE-2013-4326 | RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, w... | S | |
CVE-2013-4327 | systemd does not properly use D-Bus for communication with a polkit authority, which allows local us... | S | |
CVE-2013-4328 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4238. Reason: This candidat... | R | |
CVE-2013-4329 | The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to ... | S | |
CVE-2013-4330 | Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote atta... | | |
CVE-2013-4331 | Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 ... | | |
CVE-2013-4332 | Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and ear... | E S | |
CVE-2013-4333 | OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulner... | S | |
CVE-2013-4334 | opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities... | S | |
CVE-2013-4335 | opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnera... | | |
CVE-2013-4336 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5964. Reason: This candidate... | R | |
CVE-2013-4337 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5965. Reason: This candida... | R | |
CVE-2013-4338 | wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has bee... | E S | |
CVE-2013-4339 | WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows ... | E S | |
CVE-2013-4340 | wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the ... | E S | |
CVE-2013-4341 | Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.... | E | |
CVE-2013-4342 | xinetd does not enforce the user and group configuration directives for TCPMUX services, which cause... | E S | |
CVE-2013-4343 | Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local us... | | |
CVE-2013-4344 | Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more ... | | |
CVE-2013-4345 | Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3... | S | |
CVE-2013-4346 | The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows... | | |
CVE-2013-4347 | The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oaut... | | |
CVE-2013-4348 | The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows r... | E S | |
CVE-2013-4349 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4540. Reason: This candida... | R | |
CVE-2013-4350 | The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structu... | E S | |
CVE-2013-4351 | GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted... | | |
CVE-2013-4352 | The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache... | | |
CVE-2013-4353 | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers... | | |
CVE-2013-4354 | The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for loc... | | |
CVE-2013-4355 | Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obta... | | |
CVE-2013-4356 | Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed o... | | |
CVE-2013-4357 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use... | E S | |
CVE-2013-4358 | libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (cras... | | |
CVE-2013-4359 | Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to ca... | E S | |
CVE-2013-4360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-4361 | The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the ... | | |
CVE-2013-4362 | WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown ... | S | |
CVE-2013-4363 | Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/versi... | S | |
CVE-2013-4364 | (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in R... | | |
CVE-2013-4365 | Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcg... | S | |
CVE-2013-4366 | http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that... | S | |
CVE-2013-4367 | ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to ... | S | |
CVE-2013-4368 | The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segmen... | | |
CVE-2013-4369 | The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to c... | | |
CVE-2013-4370 | The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory t... | | |
CVE-2013-4371 | Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xe... | | |
CVE-2013-4372 | Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse... | E S | |
CVE-2013-4373 | The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows l... | | |
CVE-2013-4374 | An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 wh... | | |
CVE-2013-4375 | The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other ve... | | |
CVE-2013-4376 | The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote a... | | |
CVE-2013-4377 | Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows loc... | S | |
CVE-2013-4378 | Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 an... | E S | |
CVE-2013-4379 | The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypas... | S | |
CVE-2013-4380 | Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x be... | S | |
CVE-2013-4381 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5938. Reason: This candida... | R | |
CVE-2013-4382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5937. Reason: This candida... | R | |
CVE-2013-4383 | Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for D... | S | |
CVE-2013-4384 | Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x... | | |
CVE-2013-4385 | Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.... | S | |
CVE-2013-4386 | Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3... | S | |
CVE-2013-4387 | net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UD... | E S | |
CVE-2013-4388 | Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Playe... | | |
CVE-2013-4389 | Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in... | E | |
CVE-2013-4390 | Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sl... | | |
CVE-2013-4391 | Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows rem... | E S | |
CVE-2013-4392 | systemd, when updating file permissions, allows local users to change the permissions and SELinux se... | | |
CVE-2013-4393 | journald in systemd, when the origin of native messages is set to file, allows local users to cause ... | S | |
CVE-2013-4394 | The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the ... | S | |
CVE-2013-4395 | Simple Machines Forum (SMF) through 2.0.5 has XSS... | | |
CVE-2013-4396 | Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module... | S | |
CVE-2013-4397 | Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remo... | E S | |
CVE-2013-4398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-4399 | The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, do... | S | |
CVE-2013-4400 | virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and ... | S | |
CVE-2013-4401 | The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:r... | S | |
CVE-2013-4402 | The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote atta... | | |
CVE-2013-4403 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4404. Reason: This candida... | R | |
CVE-2013-4404 | cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote a... | | |
CVE-2013-4405 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat... | | |
CVE-2013-4406 | The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for... | S | |
CVE-2013-4407 | HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the par... | | |
CVE-2013-4408 | Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c... | | |
CVE-2013-4409 | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board... | | |
CVE-2013-4410 | ReviewBoard: has an access-control problem in REST API... | | |
CVE-2013-4411 | Review Board: URL processing gives unauthorized users access to review lists... | | |
CVE-2013-4412 | slim has NULL pointer dereference when using crypt() method from glibc 2.17... | | |
CVE-2013-4413 | Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before... | E S | |
CVE-2013-4414 | Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Gr... | | |
CVE-2013-4415 | Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite... | S | |
CVE-2013-4416 | The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest do... | | |
CVE-2013-4417 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-4418 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-4419 | The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --liste... | S | |
CVE-2013-4420 | Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all fun... | | |
CVE-2013-4421 | The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attacker... | S | |
CVE-2013-4422 | SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 o... | | |
CVE-2013-4423 | CloudForms stores user passwords in recoverable format... | | |
CVE-2013-4424 | Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss ... | | |
CVE-2013-4425 | The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS privat... | | |
CVE-2013-4426 | pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to... | | |
CVE-2013-4427 | pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) x... | | |
CVE-2013-4428 | OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana b... | E S | |
CVE-2013-4429 | Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access t... | | |
CVE-2013-4430 | Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x befo... | | |
CVE-2013-4431 | Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to... | | |
CVE-2013-4432 | Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access t... | | |
CVE-2013-4433 | Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject ar... | | |
CVE-2013-4434 | Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with differen... | S | |
CVE-2013-4435 | Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external ... | S | |
CVE-2013-4436 | The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host... | S | |
CVE-2013-4437 | Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vect... | S | |
CVE-2013-4438 | Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspec... | S | |
CVE-2013-4439 | Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate... | S | |
CVE-2013-4440 | Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier f... | S | |
CVE-2013-4441 | The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-d... | | |
CVE-2013-4442 | Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is u... | S | |
CVE-2013-4443 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2013-4444 | Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations inv... | S | |
CVE-2013-4445 | The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x... | S | |
CVE-2013-4446 | The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before... | S | |
CVE-2013-4447 | Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 ... | S | |
CVE-2013-4448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5111. Reason: This candidate... | R | |
CVE-2013-4449 | The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which al... | | |
CVE-2013-4450 | The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to ... | E S | |
CVE-2013-4451 | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors i... | S | |
CVE-2013-4452 | Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) ag... | | |
CVE-2013-4453 | Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 an... | S | |
CVE-2013-4454 | WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities... | | |
CVE-2013-4455 | Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-nod... | E S | |
CVE-2013-4456 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-4457 | The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary... | | |
CVE-2013-4458 | Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Libr... | E S | |
CVE-2013-4459 | LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest ... | E | |
CVE-2013-4460 | Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.1... | E S | |
CVE-2013-4461 | SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows... | | |
CVE-2013-4462 | WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability... | | |
CVE-2013-4463 | OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a ... | | |
CVE-2013-4464 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-4465 | Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum b... | | |
CVE-2013-4466 | Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before... | S | |
CVE-2013-4467 | Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asteris... | E | |
CVE-2013-4468 | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authentic... | E | |
CVE-2013-4469 | OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not ... | E S | |
CVE-2013-4470 | The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly ini... | E S | |
CVE-2013-4471 | The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current pass... | S | |
CVE-2013-4472 | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a ... | | |
CVE-2013-4473 | Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0... | E S | |
CVE-2013-4474 | Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0... | | |
CVE-2013-4475 | Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_strea... | | |
CVE-2013-4476 | Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world... | | |
CVE-2013-4477 | The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tena... | E S | |
CVE-2013-4478 | Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands... | E S | |
CVE-2013-4479 | lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers ... | E S | |
CVE-2013-4480 | Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the firs... | S | |
CVE-2013-4481 | Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions bef... | | |
CVE-2013-4482 | Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started... | | |
CVE-2013-4483 | The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a... | E S | |
CVE-2013-4484 | Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and t... | E S | |
CVE-2013-4485 | 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authent... | | |
CVE-2013-4486 | Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging... | S | |
CVE-2013-4487 | Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 an... | E S | |
CVE-2013-4488 | libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-m... | | |
CVE-2013-4489 | The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authen... | S | |
CVE-2013-4490 | The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 ... | S | |
CVE-2013-4491 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb... | | |
CVE-2013-4492 | Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allo... | S | |
CVE-2013-4493 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-4494 | Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the sam... | | |
CVE-2013-4495 | The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager ... | | |
CVE-2013-4496 | Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-g... | | |
CVE-2013-4497 | The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not pr... | | |
CVE-2013-4498 | The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly del... | S | |
CVE-2013-4499 | Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows... | S | |
CVE-2013-4500 | The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view a... | S | |
CVE-2013-4501 | The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to ob... | S | |
CVE-2013-4502 | The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not p... | S | |
CVE-2013-4503 | Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote ... | | |
CVE-2013-4504 | The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comm... | S | |
CVE-2013-4505 | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 th... | S | |
CVE-2013-4506 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-4507 | Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 a... | S | |
CVE-2013-4508 | lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for ... | E M | |
CVE-2013-4509 | The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASS... | S | |
CVE-2013-4510 | Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and ... | E S | |
CVE-2013-4511 | Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow... | E S | |
CVE-2013-4512 | Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel... | E S | |
CVE-2013-4513 | Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel... | S | |
CVE-2013-4514 | Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 al... | E S | |
CVE-2013-4515 | The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does no... | S | |
CVE-2013-4516 | The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does... | E S | |
CVE-2013-4517 | Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attacke... | | |
CVE-2013-4518 | RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates... | E | |
CVE-2013-4519 | Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x be... | | |
CVE-2013-4520 | xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (cra... | E S | |
CVE-2013-4521 | RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restric... | S | |
CVE-2013-4522 | lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before ... | E S | |
CVE-2013-4523 | Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2... | E S | |
CVE-2013-4524 | Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x b... | E S | |
CVE-2013-4525 | Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle ... | E S | |
CVE-2013-4526 | Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of s... | S | |
CVE-2013-4527 | Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbi... | S | |
CVE-2013-4528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-4529 | Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial ... | S | |
CVE-2013-4530 | Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of ... | S | |
CVE-2013-4531 | Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a deni... | S | |
CVE-2013-4532 | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrar... | S | |
CVE-2013-4533 | Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remot... | S | |
CVE-2013-4534 | Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial ... | S | |
CVE-2013-4535 | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to ... | | |
CVE-2013-4536 | A user able to alter the savevm data (either on the disk or over the wire during migration) could u... | S | |
CVE-2013-4537 | The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execu... | S | |
CVE-2013-4538 | Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 ... | S | |
CVE-2013-4539 | Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 mi... | S | |
CVE-2013-4540 | Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to ex... | S | |
CVE-2013-4541 | The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers ... | S | |
CVE-2013-4542 | The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote ... | S | |
CVE-2013-4543 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2013-4544 | hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of... | | |
CVE-2013-4545 | cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN... | | |
CVE-2013-4546 | The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authent... | S | |
CVE-2013-4547 | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restric... | M | |
CVE-2013-4548 | The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM ... | | |
CVE-2013-4549 | QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (m... | | |
CVE-2013-4550 | Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descri... | S | |
CVE-2013-4551 | Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation p... | | |
CVE-2013-4552 | lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote a... | S | |
CVE-2013-4553 | The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obta... | | |
CVE-2013-4554 | Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does ... | | |
CVE-2013-4555 | Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 al... | E S | |
CVE-2013-4556 | Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in... | S | |
CVE-2013-4557 | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.... | E S | |
CVE-2013-4558 | The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion ... | S | |
CVE-2013-4559 | lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgrou... | | |
CVE-2013-4560 | Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of ... | | |
CVE-2013-4561 | In an OpenShift node, there is a cron job to update mcollective facts that mishandles a temporary fil... | E S | |
CVE-2013-4562 | The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which al... | E S | |
CVE-2013-4563 | The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP ... | E S | |
CVE-2013-4564 | Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value ... | S | |
CVE-2013-4565 | Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote at... | E | |
CVE-2013-4566 | mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does no... | | |
CVE-2013-4567 | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before ... | | |
CVE-2013-4568 | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before ... | | |
CVE-2013-4569 | The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21... | | |
CVE-2013-4570 | The zend_inline_hash_func function in php-luasandbox in the Scribunto extension for MediaWiki before... | S | |
CVE-2013-4571 | Buffer overflow in php-luasandbox in the Scribunto extension for MediaWiki before 1.19.10, 1.2x befo... | S | |
CVE-2013-4572 | The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.2... | S | |
CVE-2013-4573 | Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x... | S | |
CVE-2013-4574 | Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19... | S | |
CVE-2013-4575 | Heap-based buffer overflow in the utility program in the Linux agent in Symantec Backup Exec 2010 R3... | | |
CVE-2013-4576 | GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns th... | S | |
CVE-2013-4577 | A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local... | S | |
CVE-2013-4578 | jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing... | S | |
CVE-2013-4579 | The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux ... | E | |
CVE-2013-4580 | GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using... | S | |
CVE-2013-4581 | GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-... | S | |
CVE-2013-4582 | The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/git... | | |
CVE-2013-4583 | The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6... | S | |
CVE-2013-4584 | Perdition before 2.2 may have weak security when handling outbound connections, caused by an error i... | S | |
CVE-2013-4585 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-4586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2013-4587 | Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsyst... | S | |
CVE-2013-4588 | Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2... | S | |
CVE-2013-4589 | The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote a... | E S | |
CVE-2013-4590 | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain... | | |
CVE-2013-4591 | Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel bef... | E S | |
CVE-2013-4592 | Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel befor... | E S | |
CVE-2013-4593 | RubyGem omniauth-facebook has an access token security vulnerability... | S | |
CVE-2013-4594 | The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymo... | S | |
CVE-2013-4595 | The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes... | S | |
CVE-2013-4596 | The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, w... | S | |
CVE-2013-4597 | The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permiss... | S | |
CVE-2013-4598 | The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly chec... | S | |
CVE-2013-4599 | The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay mise... | S | |
CVE-2013-4600 | Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote att... | E | |
CVE-2013-4602 | A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 vi... | | |
CVE-2013-4604 | Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, wh... | | |
CVE-2013-4608 | Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject ar... | | |
CVE-2013-4609 | REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branch... | | |
CVE-2013-4610 | Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and ... | | |
CVE-2013-4611 | Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknow... | | |
CVE-2013-4612 | Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to... | | |
CVE-2013-4613 | The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495... | | |
CVE-2013-4614 | English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, M... | | |
CVE-2013-4615 | The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote... | | |
CVE-2013-4616 | The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier ... | | |
CVE-2013-4617 | Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID ... | E | |
CVE-2013-4619 | Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute ... | S | |
CVE-2013-4620 | Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEM... | S | |
CVE-2013-4621 | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities... | | |
CVE-2013-4622 | The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 12345... | | |
CVE-2013-4623 | The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not ... | E S | |
CVE-2013-4624 | Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remot... | E | |
CVE-2013-4625 | Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin bef... | | |
CVE-2013-4626 | Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows r... | E S | |
CVE-2013-4627 | Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial... | | |
CVE-2013-4628 | The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 o... | | |
CVE-2013-4629 | The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update th... | | |
CVE-2013-4630 | Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debuggi... | E | |
CVE-2013-4631 | Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to ... | | |
CVE-2013-4632 | The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of ser... | | |
CVE-2013-4633 | Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated us... | | |
CVE-2013-4634 | SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension... | | |
CVE-2013-4635 | Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3... | | |
CVE-2013-4636 | The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allow... | | |
CVE-2013-4649 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allow... | E S | |
CVE-2013-4650 | MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain intern... | | |
CVE-2013-4651 | Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate ac... | | |
CVE-2013-4652 | Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices ... | | |
CVE-2013-4653 | Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork... | | |
CVE-2013-4654 | Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..... | M | |
CVE-2013-4655 | Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.... | E M | |
CVE-2013-4656 | Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB serv... | M | |
CVE-2013-4657 | Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB ... | | |
CVE-2013-4658 | Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside ... | E | |
CVE-2013-4659 | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string... | E | |
CVE-2013-4660 | The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!j... | E | |
CVE-2013-4661 | CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access cont... | | |
CVE-2013-4662 | The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authentica... | | |
CVE-2013-4663 | git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to exec... | E | |
CVE-2013-4664 | SPBAS Business Automation Software 2012 has XSS.... | E | |
CVE-2013-4665 | SPBAS Business Automation Software 2012 has CSRF.... | E | |
CVE-2013-4668 | Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x b... | S | |
CVE-2013-4669 | FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; Fo... | | |
CVE-2013-4670 | Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Ga... | | |
CVE-2013-4671 | Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gatewa... | | |
CVE-2013-4672 | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sud... | | |
CVE-2013-4673 | The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly im... | | |
CVE-2013-4674 | Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryptio... | | |
CVE-2013-4676 | Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 S... | | |
CVE-2013-4677 | Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone:... | | |
CVE-2013-4678 | The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before ... | | |
CVE-2013-4679 | Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a virtual application layer is ... | E | |
CVE-2013-4680 | Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote... | | |
CVE-2013-4681 | SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allo... | | |
CVE-2013-4682 | SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attacke... | S | |
CVE-2013-4683 | SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote ... | | |
CVE-2013-4684 | flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 befo... | | |
CVE-2013-4685 | Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R... | | |
CVE-2013-4686 | The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 11.4X27 before 11.4X27.43, 12.1... | | |
CVE-2013-4687 | flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 o... | | |
CVE-2013-4688 | flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway ... | | |
CVE-2013-4689 | J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X... | | |
CVE-2013-4690 | Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1... | | |
CVE-2013-4691 | Sencha Labs Connect has XSS with connect.methodOverride()... | | |
CVE-2013-4692 | Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS... | E | |
CVE-2013-4693 | WordPress Xorbin Digital Flash Clock 1.0 has XSS... | E | |
CVE-2013-4694 | Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attacke... | E S | |
CVE-2013-4695 | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution... | E | |
CVE-2013-4696 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4696. Reason: This candida... | R | |
CVE-2013-4697 | Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09... | | |
CVE-2013-4698 | Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content... | | |
CVE-2013-4699 | The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 ce... | | |
CVE-2013-4700 | The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates... | | |
CVE-2013-4701 | Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary... | E S | |
CVE-2013-4702 | Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Op... | E S | |
CVE-2013-4703 | Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office befo... | | |
CVE-2013-4704 | Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 and earlier allows remote att... | | |
CVE-2013-4705 | Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arb... | | |
CVE-2013-4706 | The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remot... | | |
CVE-2013-4707 | The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote... | | |
CVE-2013-4708 | The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SE... | | |
CVE-2013-4709 | Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware before 2.82, SE... | | |
CVE-2013-4710 | Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices d... | | |
CVE-2013-4711 | Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote ... | | |
CVE-2013-4712 | I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessi... | | |
CVE-2013-4713 | Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0... | S | |
CVE-2013-4714 | Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS befo... | | |
CVE-2013-4715 | SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10... | | |
CVE-2013-4716 | Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attacker... | | |
CVE-2013-4717 | Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3... | S | |
CVE-2013-4718 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.... | S | |
CVE-2013-4719 | SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remo... | | |
CVE-2013-4720 | SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remo... | S | |
CVE-2013-4721 | SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allow... | | |
CVE-2013-4722 | Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive c... | E | |
CVE-2013-4723 | Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1... | E | |
CVE-2013-4724 | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versio... | | |
CVE-2013-4725 | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versio... | | |
CVE-2013-4726 | Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a... | E | |
CVE-2013-4727 | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versio... | | |
CVE-2013-4728 | DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versio... | | |
CVE-2013-4729 | import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to ... | E S | |
CVE-2013-4730 | Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a ... | E | |
CVE-2013-4731 | ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows r... | E | |
CVE-2013-4732 | The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the M... | | |
CVE-2013-4733 | The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronic... | | |
CVE-2013-4734 | dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics... | | |
CVE-2013-4735 | The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS... | | |
CVE-2013-4736 | Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel ... | S | |
CVE-2013-4737 | The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation... | S | |
CVE-2013-4738 | Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in ... | | |
CVE-2013-4739 | The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android... | | |
CVE-2013-4740 | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm I... | E S | |
CVE-2013-4742 | Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service ... | | |
CVE-2013-4743 | Static HTTP Server 1.0 has a Local Overflow... | E | |
CVE-2013-4744 | Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows rem... | S | |
CVE-2013-4745 | SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 al... | | |
CVE-2013-4746 | Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6... | | |
CVE-2013-4747 | Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (access... | | |
CVE-2013-4748 | SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote... | | |
CVE-2013-4749 | Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension ... | | |
CVE-2013-4751 | php-symfony2-Validator has loss of information during serialization... | S | |
CVE-2013-4752 | Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an... | S | |
CVE-2013-4753 | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote aut... | E | |
CVE-2013-4754 | Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote ... | E | |
CVE-2013-4758 | Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearc... | S | |
CVE-2013-4759 | Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and... | E | |
CVE-2013-4761 | Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterpris... | | |
CVE-2013-4762 | Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, whic... | | |
CVE-2013-4763 | Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without r... | | |
CVE-2013-4764 | Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary... | | |
CVE-2013-4766 | The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an u... | | |
CVE-2013-4767 | Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.... | | |
CVE-2013-4768 | The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of se... | | |
CVE-2013-4769 | The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.re... | | |
CVE-2013-4770 | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 a... | | |
CVE-2013-4772 | D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows ... | | |
CVE-2013-4775 | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4... | E | |
CVE-2013-4776 | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS5... | E | |
CVE-2013-4777 | A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses in... | E | |
CVE-2013-4778 | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Co... | | |
CVE-2013-4779 | Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Br... | | |
CVE-2013-4780 | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Co... | | |
CVE-2013-4781 | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Co... | | |
CVE-2013-4782 | The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbit... | | |
CVE-2013-4783 | The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware ... | | |
CVE-2013-4784 | The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authenticati... | | |
CVE-2013-4785 | The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the... | | |
CVE-2013-4786 | The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication,... | | |
CVE-2013-4787 | Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applic... | | |
CVE-2013-4788 | The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and ... | E S | |
CVE-2013-4789 | SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers ... | E S | |
CVE-2013-4790 | Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before r... | E | |
CVE-2013-4791 | PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to in... | E | |
CVE-2013-4792 | PrestaShop before 1.4.11 allows logout CSRF.... | E | |
CVE-2013-4793 | The update function in umbraco.webservices/templates/templateService.cs in the TemplateService compo... | | |
CVE-2013-4795 | Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 ... | | |
CVE-2013-4796 | ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request... | | |
CVE-2013-4797 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary... | | |
CVE-2013-4798 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary... | | |
CVE-2013-4799 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary... | | |
CVE-2013-4800 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary... | | |
CVE-2013-4801 | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary... | | |
CVE-2013-4802 | Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center... | | |
CVE-2013-4803 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-4804 | Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remo... | | |
CVE-2013-4805 | Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka i... | | |
CVE-2013-4806 | The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A ... | | |
CVE-2013-4807 | Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh... | | |
CVE-2013-4808 | Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 ... | | |
CVE-2013-4809 | Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0... | | |
CVE-2013-4810 | HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Ap... | KEV E | |
CVE-2013-4811 | UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and ... | | |
CVE-2013-4812 | UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0,... | | |
CVE-2013-4813 | The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0... | | |
CVE-2013-4814 | Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software... | | |
CVE-2013-4815 | Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Man... | | |
CVE-2013-4816 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2013-4817 | Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to... | | |
CVE-2013-4818 | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 1... | | |
CVE-2013-4819 | Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticate... | | |
CVE-2013-4820 | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 1... | | |
CVE-2013-4821 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenti... | | |
CVE-2013-4822 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Ma... | | |
CVE-2013-4823 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Ma... | | |
CVE-2013-4824 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Man... | | |
CVE-2013-4825 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Man... | | |
CVE-2013-4826 | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Man... | | |
CVE-2013-4827 | SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation M... | | |
CVE-2013-4828 | HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c... | | |
CVE-2013-4829 | HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c... | | |
CVE-2013-4830 | HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspec... | | |
CVE-2013-4831 | HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authen... | | |
CVE-2013-4832 | HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive informati... | | |
CVE-2013-4833 | Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attac... | | |
CVE-2013-4834 | Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) befor... | | |
CVE-2013-4835 | The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attacker... | E | |
CVE-2013-4836 | Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer compo... | | |
CVE-2013-4837 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote atta... | | |
CVE-2013-4838 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote atta... | | |
CVE-2013-4839 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote atta... | | |
CVE-2013-4840 | Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177... | | |
CVE-2013-4841 | Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and Stor... | | |
CVE-2013-4842 | Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1... | | |
CVE-2013-4843 | Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remo... | | |
CVE-2013-4844 | Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter ... | S | |
CVE-2013-4845 | Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers all... | | |
CVE-2013-4846 | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.3 allows remote attackers ... | S | |
CVE-2013-4848 | TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.... | E | |
CVE-2013-4851 | The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kern... | | |
CVE-2013-4852 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY a... | | |
CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x b... | | |
CVE-2013-4855 | D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbol... | | |
CVE-2013-4856 | D-Link DIR-865L has Information Disclosure.... | | |
CVE-2013-4857 | D-Link DIR-865L has PHP File Inclusion in the router xml file.... | E M | |
CVE-2013-4858 | Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial... | E | |
CVE-2013-4859 | INSTEON Hub 2242-222 lacks Web and API authentication... | E | |
CVE-2013-4860 | Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API,... | | |
CVE-2013-4861 | Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1... | E | |
CVE-2013-4862 | MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote au... | E | |
CVE-2013-4863 | The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote at... | E | |
CVE-2013-4864 | MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet... | E | |
CVE-2013-4865 | Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with fir... | E | |
CVE-2013-4866 | The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, ... | | |
CVE-2013-4867 | Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking... | E | |
CVE-2013-4868 | Karotz API 12.07.19.00: Session Token Information Disclosure... | E | |
CVE-2013-4869 | Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in C... | | |
CVE-2013-4870 | SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote... | | |
CVE-2013-4871 | Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension ... | | |
CVE-2013-4872 | Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physical... | | |
CVE-2013-4873 | The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attacker... | S | |
CVE-2013-4874 | The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate ... | | |
CVE-2013-4875 | The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate a... | | |
CVE-2013-4876 | The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which ... | | |
CVE-2013-4877 | The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which... | | |
CVE-2013-4878 | The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel... | | |
CVE-2013-4879 | SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows re... | E S | |
CVE-2013-4880 | Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in Bi... | E S | |
CVE-2013-4881 | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CM... | | |
CVE-2013-4882 | Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePo... | | |
CVE-2013-4883 | Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier... | | |
CVE-2013-4884 | Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject a... | E | |
CVE-2013-4885 | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is ... | E S | |
CVE-2013-4887 | SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to ex... | | |
CVE-2013-4888 | Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote at... | E | |
CVE-2013-4889 | Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.... | E | |
CVE-2013-4890 | The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of ... | E | |
CVE-2013-4891 | The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intende... | E | |
CVE-2013-4897 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual... | R | |
CVE-2013-4898 | Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5... | E | |
CVE-2013-4899 | Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote att... | E | |
CVE-2013-4900 | Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twiligh... | E | |
CVE-2013-4911 | Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP... | | |
CVE-2013-4912 | Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote atta... | | |
CVE-2013-4920 | The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, w... | S | |
CVE-2013-4921 | Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in ... | S | |
CVE-2013-4922 | Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packe... | S | |
CVE-2013-4923 | Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.... | S | |
CVE-2013-4924 | epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x befo... | S | |
CVE-2013-4925 | Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissec... | S | |
CVE-2013-4926 | epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x befo... | S | |
CVE-2013-4927 | Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bl... | S | |
CVE-2013-4928 | Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the B... | S | |
CVE-2013-4929 | The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.... | S | |
CVE-2013-4930 | The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wir... | S | |
CVE-2013-4931 | epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cau... | S | |
CVE-2013-4932 | Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector i... | S | |
CVE-2013-4933 | The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8... | S | |
CVE-2013-4934 | The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8... | S | |
CVE-2013-4935 | The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissect... | S | |
CVE-2013-4936 | The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in W... | S | |
CVE-2013-4937 | Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, ... | | |
CVE-2013-4938 | The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x b... | | |
CVE-2013-4939 | Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 t... | S | |
CVE-2013-4940 | Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2,... | S | |
CVE-2013-4941 | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2... | | |
CVE-2013-4942 | Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YU... | S | |
CVE-2013-4943 | The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 befor... | | |
CVE-2013-4944 | Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before... | | |
CVE-2013-4945 | Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote atta... | E | |
CVE-2013-4946 | Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allo... | E | |
CVE-2013-4947 | Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remot... | | |
CVE-2013-4948 | SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary S... | E | |
CVE-2013-4949 | Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute ... | E | |
CVE-2013-4950 | Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject... | E | |
CVE-2013-4951 | Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to injec... | | |
CVE-2013-4952 | SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to... | E | |
CVE-2013-4953 | SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute a... | E | |
CVE-2013-4954 | Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Re... | E S | |
CVE-2013-4955 | Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attack... | | |
CVE-2013-4956 | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet E... | | |
CVE-2013-4957 | The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML co... | | |
CVE-2013-4958 | Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers t... | | |
CVE-2013-4959 | Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "n... | | |
CVE-2013-4961 | Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger pro... | | |
CVE-2013-4962 | The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current passwo... | | |
CVE-2013-4963 | Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 al... | | |
CVE-2013-4964 | Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https sessi... | | |
CVE-2013-4965 | Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a... | | |
CVE-2013-4966 | The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the... | | |
CVE-2013-4967 | Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors r... | | |
CVE-2013-4968 | Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspe... | | |
CVE-2013-4969 | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.... | | |
CVE-2013-4971 | Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, w... | | |
CVE-2013-4973 | Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 throu... | | |
CVE-2013-4974 | RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attacke... | | |
CVE-2013-4975 | Hikvision DS-2CD7153-E IP Camera has Privilege Escalation... | E | |
CVE-2013-4976 | Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials... | E | |
CVE-2013-4977 | Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b... | E | |
CVE-2013-4978 | Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows r... | E | |
CVE-2013-4979 | Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to e... | E | |
CVE-2013-4980 | Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 an... | E | |
CVE-2013-4981 | Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 an... | E | |
CVE-2013-4982 | AVTECH AVN801 DVR has a security bypass via the administration login captcha... | E | |
CVE-2013-4983 | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 b... | E | |
CVE-2013-4984 | The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 ... | E | |
CVE-2013-4985 | Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream... | E | |
CVE-2013-4986 | Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32... | E | |
CVE-2013-4987 | PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging c... | E | |
CVE-2013-4988 | Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary co... | E | |
CVE-2013-4995 | Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2... | | |
CVE-2013-4996 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x bef... | | |
CVE-2013-4997 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote ... | | |
CVE-2013-4998 | phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive... | | |
CVE-2013-4999 | phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an inval... | | |