CVEs from 2013

5,685 normalized CVEs published or assigned in this year.

Total

5,685

critical

critical 917

high

high 949

medium

medium 3,166

low

low 557

% Critical

16.1%

% with KEV

0.7%

% with exploit

11.6%

Top vendors

google 11,935
adobe 5,775
mozilla 5,495
ibm 5,231
ffmpeg 3,379
oracle 3,057
apple 2,597
cisco 2,092

Top products

chrome 11,665
ffmpeg 3,379
seamonkey 2,231
acrobat_reader 1,911
acrobat 1,909
itunes 1,678
firefox 1,634
moodle 1,560

Top packages

Packagist/moodle/moodle 55
PyPI/plone 47
RubyGems/actionpack 27
Packagist/typo3/cms-core 23
Packagist/typo3/cms 19
Maven/org.jenkins-ci.main:jenkins-core 18
RubyGems/activerecord 17
RubyGems/rack 17

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2013-4090	unknown	—	—				—	Varnish HTTP cache before 3.0.4: ACL bug
CVE-2013-2018	unknown	—	—				—	Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-6430	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Spring Framework
CVE-2013-2255	unknown	—	—				4y ago	HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.