CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2013-4708 The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 throu... | N/A | NONE | — | 0 |
| CVE-2013-5745 The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error c... | N/A | NONE | — | 0 |
| CVE-2013-3539 Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and poss... | N/A | NONE | — | 0 |
| CVE-2013-3688 The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative func... | N/A | NONE | — | 0 |
| CVE-2013-3690 Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 an... | N/A | NONE | — | 0 |
| CVE-2013-3962 Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera model... | N/A | NONE | — | 0 |
| CVE-2013-3963 Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and... | N/A | NONE | — | 0 |
| CVE-2013-3964 Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | N/A | NONE | — | 0 |
| CVE-2013-5580 The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for... | N/A | NONE | — | 0 |
| CVE-2013-1892 MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (inva... | N/A | NONE | — | 0 |
| CVE-2013-5975 The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2013-5976 Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web ... | N/A | NONE | — | 0 |
| CVE-2013-2906 Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other ... | N/A | NONE | — | 0 |
| CVE-2013-2907 The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2013-2908 Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a respo... | N/A | NONE | — | 0 |
| CVE-2013-0692 The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows rem... | N/A | NONE | — | 0 |
| CVE-2013-0693 The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs n... | N/A | NONE | — | 0 |
| CVE-2013-0694 The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM,... | N/A | NONE | — | 0 |
| CVE-2013-3593 Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the networ... | N/A | NONE | — | 0 |
| CVE-2025-7161 A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argu... | 6.3 | MEDIUM | — | 0 |
| CVE-2013-5944 The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which al... | N/A | NONE | — | 0 |
| CVE-2013-5690 Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME... | N/A | NONE | — | 0 |
| CVE-2013-6009 CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting a... | N/A | NONE | — | 0 |
| CVE-2013-5701 Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and pos... | N/A | NONE | — | 0 |
| CVE-2013-1061 dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority... | N/A | NONE | — | 0 |
| CVE-2013-1062 ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass int... | N/A | NONE | — | 0 |
| CVE-2013-1063 usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass in... | N/A | NONE | — | 0 |
| CVE-2013-1064 apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restri... | N/A | NONE | — | 0 |
| CVE-2013-1065 backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a Pol... | N/A | NONE | — | 0 |
| CVE-2013-1066 language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass inten... | N/A | NONE | — | 0 |
| CVE-2013-4288 Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is perfo... | N/A | NONE | — | 0 |
| CVE-2013-4311 libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race co... | N/A | NONE | — | 0 |
| CVE-2013-4711 Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2013-4324 spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by le... | N/A | NONE | — | 0 |
| CVE-2013-4326 RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Pol... | N/A | NONE | — | 0 |
| CVE-2013-4327 systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race cond... | N/A | NONE | — | 0 |
| CVE-2013-0742 Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS fi... | N/A | NONE | — | 0 |
| CVE-2013-3248 Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory... | N/A | NONE | — | 0 |
| CVE-2013-2221 Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large p... | N/A | NONE | — | 0 |
| CVE-2013-2222 Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the... | N/A | NONE | — | 0 |
| CVE-2013-2223 GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by ... | N/A | NONE | — | 0 |
| CVE-2013-4157 Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | N/A | NONE | — | 0 |
| CVE-2013-4249 Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitr... | N/A | NONE | — | 0 |
| CVE-2013-4344 Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a RE... | N/A | NONE | — | 0 |
| CVE-2013-4758 Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows re... | N/A | NONE | — | 0 |
| CVE-2013-4788 The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it e... | N/A | NONE | — | 0 |
| CVE-2013-5915 The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA pri... | N/A | NONE | — | 0 |
| CVE-2013-6011 Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. | N/A | NONE | — | 0 |
| CVE-2013-3885 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne... | N/A | NONE | — | 0 |
| CVE-2013-6044 The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce c... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.