CVEs from 2013
- Total 5,685
- critical 917
- high 949
- medium 3,166
- low 557
- % Critical 16.1%
- % with KEV 0.7%
- % with exploit 11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560

| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2013-3900 | unknown | — | 1.5 | 5y ago | A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. |
| CVE-2013-5763 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outs… |
| CVE-2013-4829 | low | — | 1.5 | 13y ago | HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow l… |
| CVE-2013-4355 | low | — | 1.5 | 13y ago | Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified o… |
| CVE-2013-2393 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors relat… |
| CVE-2013-1546 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiali… |
| CVE-2013-1502 | low | — | 1.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. |
| CVE-2013-0525 | low | — | 1.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. |
| CVE-2013-6891 | low | — | 1.2 | 13y ago | lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cup… |
| CVE-2013-4476 | low | — | 1.2 | 13y ago | Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information b… |
| CVE-2013-1442 | low | — | 1.2 | 13y ago | Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCP… |
| CVE-2013-2217 | low | — | 1.2 | 13y ago | cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name … |
| CVE-2013-5123 | unknown | — | 1.0 | 4y ago | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. |
| CVE-2013-7285 | unknown | — | 1.0 | 7y ago | Command Injection in Xstream |
| CVE-2013-7490 | unknown | — | — | — | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. |
| CVE-2013-4535 | unknown | — | — | — | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. |
| CVE-2013-7491 | unknown | — | — | — | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. |
| CVE-2013-3718 | unknown | — | — | — | evince is missing a check on number of pages which can lead to a segmentation fault |
| CVE-2013-7470 | unknown | — | — | — | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstr… |
| CVE-2013-4532 | unknown | — | — | — | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
| CVE-2013-2016 | unknown | — | — | — | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, suc… |
| CVE-2013-4536 | unknown | — | — | — | A user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to corrupt QEMU process memory on the (destination) host, which could potentially r… |
| CVE-2013-1429 | unknown | — | — | — | Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. |
| CVE-2013-1424 | unknown | — | — | — | Buffer overflow vulnerability in matplotlib. This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. |
| CVE-2013-4090 | unknown | — | — | — | Varnish HTTP cache before 3.0.4: ACL bug |
| CVE-2013-2018 | unknown | — | — | — | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-0326 | unknown | — | — | — | OpenStack nova base images permissions are world readable |
| CVE-2013-6430 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Spring Framework |
| CVE-2013-2255 | unknown | — | — | 4y ago | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |