CVEs from 2013
Total
5,684
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1958 | low | — | 1.9 | 13y ago | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, w… | |||
| CVE-2013-0541 | low | — | 1.9 | 13y ago | Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjuncti… | |||
| CVE-2013-0122 | low | — | 1.9 | 13y ago | The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.androi… | |||
| CVE-2013-0403 | low | — | 1.9 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility. | |||
| CVE-2013-2302 | low | — | 1.9 | 13y ago | TransWARE Active! mail 6, when an external public interface is used, allows local users to obtain sensitive information belonging to arbitrary users by leveraging shell access, as demonstrated by a T… | |||
| CVE-2013-2636 | low | — | 1.9 | 13y ago | net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. | |||
| CVE-2013-2635 | low | — | 1.9 | 13y ago | The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from ke… | |||
| CVE-2013-2634 | low | — | 1.9 | 13y ago | net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||
| CVE-2013-1427 | low | — | 1.9 | 13y ago | The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP con… | |||
| CVE-2013-0979 | low | — | 1.9 | 13y ago | lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of… | |||
| CVE-2013-0200 | low | — | 1.9 | 13y ago | HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/h… | |||
| CVE-2013-0349 | low | — | 1.9 | 14y ago | The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from ke… | |||
| CVE-2013-0154 | low | — | 1.9 | 14y ago | The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash… | |||
| CVE-2013-7291 | low | — | 1.8 | 13y ago | memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an … | |||
| CVE-2013-7290 | low | — | 1.8 | 13y ago | The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a … | |||
| CVE-2013-0179 | low | — | 1.8 | 13y ago | The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fa… | |||
| CVE-2013-5885 | low | — | 1.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit. | |||
| CVE-2013-5874 | low | — | 1.7 | 13y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows local users to affect confidentiality via unknown … | |||
| CVE-2013-5865 | low | — | 1.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration. | |||
| CVE-2013-2997 | low | — | 1.7 | 13y ago | IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||
| CVE-2013-0982 | low | — | 1.7 | 13y ago | The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypa… | |||
| CVE-2013-2382 | low | — | 1.7 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related t… | |||
| CVE-2013-1499 | low | — | 1.7 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration. | |||
| CVE-2013-0648 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-0643 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-2597 | unknown | — | 1.5 | 4y ago | The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products s… | |||
| CVE-2013-2596 | unknown | — | 1.5 | 4y ago | Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. | |||
| CVE-2013-1331 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document. | |||
| CVE-2013-3993 | unknown | — | 1.5 | 4y ago | Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | |||
| CVE-2013-0631 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. | |||
| CVE-2013-1675 | unknown | — | 1.5 | 4y ago | Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive in… | |||
| CVE-2013-0641 | unknown | — | 1.5 | 4y ago | A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. | |||
| CVE-2013-3900 | unknown | — | 1.5 | 5y ago | A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. | |||
| CVE-2013-5763 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outs… | |||
| CVE-2013-4829 | low | — | 1.5 | 13y ago | HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow l… | |||
| CVE-2013-4355 | low | — | 1.5 | 13y ago | Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified o… | |||
| CVE-2013-2393 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors relat… | |||
| CVE-2013-1546 | low | — | 1.5 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiali… | |||
| CVE-2013-1502 | low | — | 1.5 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. | |||
| CVE-2013-0525 | low | — | 1.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. | |||
| CVE-2013-6891 | low | — | 1.2 | 13y ago | lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cup… | |||
| CVE-2013-4476 | low | — | 1.2 | 13y ago | Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information b… | |||
| CVE-2013-1442 | low | — | 1.2 | 13y ago | Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCP… | |||
| CVE-2013-2217 | low | — | 1.2 | 13y ago | cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name … | |||
| CVE-2013-5123 | unknown | — | 1.0 | 4y ago | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||
| CVE-2013-7285 | unknown | — | 1.0 | 7y ago | Command Injection in Xstream | |||
| CVE-2013-4535 | unknown | — | — | — | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | |||
| CVE-2013-2018 | unknown | — | — | — | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4536 | unknown | — | — | — | An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially r… | |||
| CVE-2013-4532 | unknown | — | — | — | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | |||
| CVE-2013-4090 | unknown | — | — | — | Varnish HTTP cache before 3.0.4: ACL bug | |||
| CVE-2013-7470 | unknown | — | — | — | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstr… | |||
| CVE-2013-7491 | unknown | — | — | — | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | |||
| CVE-2013-1429 | unknown | — | — | — | Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||
| CVE-2013-1424 | unknown | — | — | — | Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | |||
| CVE-2013-7490 | unknown | — | — | — | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | |||
| CVE-2013-2016 | unknown | — | — | — | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, suc… | |||
| CVE-2013-0326 | unknown | — | — | — | OpenStack nova base images permissions are world readable | |||
| CVE-2013-1437 | unknown | — | — | — | Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||
| CVE-2013-3718 | unknown | — | — | — | evince is missing a check on number of pages which can lead to a segmentation fault | |||
| CVE-2013-6430 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Spring Framework | |||
| CVE-2013-2255 | unknown | — | — | 4y ago | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |