CVEs from 2013

5,687 normalized CVEs published or assigned in this year.

Total

5,687

critical

critical 917

high

high 949

medium

medium 3,166

low

low 557

% Critical

16.1%

% with KEV

0.7%

% with exploit

11.6%

Top vendors

google 11,935
adobe 5,775
mozilla 5,495
ibm 5,231
ffmpeg 3,379
oracle 3,057
apple 2,597
cisco 2,092

Top products

chrome 11,665
ffmpeg 3,379
seamonkey 2,231
acrobat_reader 1,911
acrobat 1,909
itunes 1,678
firefox 1,634
moodle 1,560

Top packages

Packagist/moodle/moodle 55
PyPI/plone 47
RubyGems/actionpack 27
Packagist/typo3/cms-core 23
Packagist/typo3/cms 19
Maven/org.jenkins-ci.main:jenkins-core 18
RubyGems/activerecord 17
RubyGems/rack 17

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2013-4536	unknown	—	—				—	An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially r…
CVE-2013-0326	unknown	—	—				—	OpenStack nova base images permissions are world readable
CVE-2013-1424	unknown	—	—				—	Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.
CVE-2013-1429	unknown	—	—				—	Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
CVE-2013-4535	unknown	—	—				—	The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
CVE-2013-3718	unknown	—	—				—	evince is missing a check on number of pages which can lead to a segmentation fault
CVE-2013-4532	unknown	—	—				—	Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
CVE-2013-2018	unknown	—	—				—	Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-6430	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Spring Framework
CVE-2013-2255	unknown	—	—				4y ago	HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.