CVEs from 2013
Total
5,685
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3751 | critical | — | 9.0 | 13y ago | Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availabili… | |||
| CVE-2013-3578 | critical | — | 9.0 | 13y ago | SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainCon… | |||
| CVE-2013-3003 | critical | — | 9.0 | 13y ago | Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2.1, and 2.2 allows remote authenticated users to execute arbitrary commands via unknown vectors. | |||
| CVE-2013-3384 | critical | — | 9.0 | 13y ago | The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 … | |||
| CVE-2013-3383 | critical | — | 9.0 | 13y ago | The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary c… | |||
| CVE-2013-4633 | critical | — | 9.0 | 13y ago | Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. | |||
| CVE-2013-1339 | critical | — | 9.0 | 13y ago | The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of … | |||
| CVE-2013-3080 | critical | — | 9.0 | 13y ago | VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of servi… | |||
| CVE-2013-3079 | critical | — | 9.0 | 13y ago | VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (V… | |||
| CVE-2013-1180 | critical | — | 9.0 | 13y ago | Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authentica… | |||
| CVE-2013-1179 | critical | — | 9.0 | 13y ago | Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x… | |||
| CVE-2013-1640 | critical | — | 9.0 | 13y ago | The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2… | |||
| CVE-2013-0706 | critical | — | 9.0 | 14y ago | NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID d… | |||
| CVE-2013-1111 | critical | — | 9.0 | 14y ago | The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system co… | |||
| CVE-2013-0022 | critical | 9.0 | 9.0 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer… | |||
| CVE-2013-1105 | critical | — | 9.0 | 14y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management s… | |||
| CVE-2013-1104 | critical | — | 9.0 | 14y ago | The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent heade… | |||
| CVE-2013-3918 | unknown | — | 2.5 | 8mo ago | Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a sp… | |||
| CVE-2013-3893 | unknown | — | 2.5 | 10mo ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users shoul… | |||
| CVE-2013-3163 | unknown | — | 2.5 | 3y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | |||
| CVE-2013-6282 | unknown | — | 2.5 | 4y ago | The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory whi… | |||
| CVE-2013-2094 | unknown | — | 2.5 | 4y ago | Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for pri… | |||
| CVE-2013-3896 | unknown | — | 2.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application. | |||
| CVE-2013-0431 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | |||
| CVE-2013-2423 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | |||
| CVE-2013-0074 | unknown | — | 2.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application. | |||
| CVE-2013-0422 | unknown | — | 2.5 | 4y ago | A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | |||
| CVE-2013-7331 | unknown | — | 2.5 | 4y ago | An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applicat… | |||
| CVE-2013-2251 | unknown | — | 2.5 | 4y ago | Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | |||
| CVE-2013-3660 | unknown | — | 2.5 | 4y ago | The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to ga… | |||
| CVE-2013-2729 | unknown | — | 2.5 | 4y ago | Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. | |||
| CVE-2013-2551 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. | |||
| CVE-2013-1690 | unknown | — | 2.5 | 4y ago | Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execu… | |||
| CVE-2013-2465 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related … | |||
| CVE-2013-5223 | unknown | — | 2.5 | 4y ago | A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. | |||
| CVE-2013-4810 | unknown | — | 2.5 | 4y ago | HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet … | |||
| CVE-2013-0629 | unknown | — | 2.5 | 4y ago | Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. | |||
| CVE-2013-0625 | unknown | — | 2.5 | 4y ago | Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. | |||
| CVE-2013-5065 | unknown | — | 2.5 | 4y ago | Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. | |||
| CVE-2013-0640 | unknown | — | 2.5 | 4y ago | An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution. | |||
| CVE-2013-0632 | unknown | — | 2.5 | 4y ago | An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access. | |||
| CVE-2013-3897 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code. | |||
| CVE-2013-1347 | unknown | — | 2.5 | 4y ago | This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. | |||
| CVE-2013-3346 | unknown | — | 2.5 | 4y ago | Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service. | |||
| CVE-2013-3906 | unknown | — | 2.5 | 4y ago | Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. | |||
| CVE-2013-0643 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-0648 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | |||
| CVE-2013-2597 | unknown | — | 1.5 | 4y ago | The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products s… | |||
| CVE-2013-2596 | unknown | — | 1.5 | 4y ago | Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. | |||
| CVE-2013-1331 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document. | |||
| CVE-2013-3993 | unknown | — | 1.5 | 4y ago | Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | |||
| CVE-2013-0631 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. | |||
| CVE-2013-0641 | unknown | — | 1.5 | 4y ago | A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. | |||
| CVE-2013-1675 | unknown | — | 1.5 | 4y ago | Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive in… | |||
| CVE-2013-3900 | unknown | — | 1.5 | 5y ago | A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. | |||
| CVE-2013-5123 | unknown | — | 1.0 | 4y ago | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||
| CVE-2013-7285 | unknown | — | 1.0 | 7y ago | Command Injection in Xstream | |||
| CVE-2013-7470 | unknown | — | — | — | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstr… | |||
| CVE-2013-1424 | unknown | — | — | — | Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | |||
| CVE-2013-4532 | unknown | — | — | — | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | |||
| CVE-2013-2016 | unknown | — | — | — | A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, suc… | |||
| CVE-2013-3718 | unknown | — | — | — | evince is missing a check on number of pages which can lead to a segmentation fault | |||
| CVE-2013-1429 | unknown | — | — | — | Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||
| CVE-2013-0326 | unknown | — | — | — | OpenStack nova base images permissions are world readable | |||
| CVE-2013-7490 | unknown | — | — | — | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | |||
| CVE-2013-4536 | unknown | — | — | — | An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially r… | |||
| CVE-2013-7491 | unknown | — | — | — | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. | |||
| CVE-2013-2018 | unknown | — | — | — | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4535 | unknown | — | — | — | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | |||
| CVE-2013-4090 | unknown | — | — | — | Varnish HTTP cache before 3.0.4: ACL bug | |||
| CVE-2013-6430 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Spring Framework | |||
| CVE-2013-2255 | unknown | — | — | 4y ago | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |