CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6221 | critical | — | 10.0 | 12y ago | Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary file… | |||
| CVE-2013-4730 | critical | — | 10.0 | 12y ago | Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. | |||
| CVE-2013-3928 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a… | |||
| CVE-2013-4710 | critical | — | 10.0 | 12y ago | Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary me… | |||
| CVE-2013-3482 | critical | — | 10.0 | 13y ago | Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of s… | |||
| CVE-2013-6955 | critical | — | 10.0 | 13y ago | webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, an… | |||
| CVE-2013-6194 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. | |||
| CVE-2013-2347 | critical | — | 10.0 | 13y ago | The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port… | |||
| CVE-2013-4988 | critical | — | 10.0 | 13y ago | Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details ar… | |||
| CVE-2013-2751 | critical | — | 10.0 | 13y ago | Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbit… | |||
| CVE-2013-5331 | critical | — | 10.0 | 13y ago | Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380… | |||
| CVE-2013-3623 | critical | — | 10.0 | 13y ago | Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 gene… | |||
| CVE-2013-6935 | critical | — | 10.0 | 13y ago | Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file. | |||
| CVE-2013-4837 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. | |||
| CVE-2013-4822 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via un… | |||
| CVE-2013-2578 | critical | — | 10.0 | 13y ago | cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitr… | |||
| CVE-2013-3248 | critical | — | 10.0 | 13y ago | Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a director… | |||
| CVE-2013-2068 | critical | — | 10.0 | 13y ago | Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in th… | |||
| CVE-2013-5486 | critical | — | 10.0 | 13y ago | Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the c… | |||
| CVE-2013-4811 | critical | — | 10.0 | 13y ago | UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert… | |||
| CVE-2013-4812 | critical | — | 10.0 | 13y ago | UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName a… | |||
| CVE-2013-3205 | critical | — | 10.0 | 13y ago | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup… | |||
| CVE-2013-4983 | critical | — | 10.0 | 13y ago | The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the… | |||
| CVE-2013-3184 | critical | — | 10.0 | 13y ago | Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2013-1710 | critical | — | 10.0 | 13y ago | The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows… | |||
| CVE-2013-5019 | critical | — | 10.0 | 13y ago | Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request. | |||
| CVE-2013-2367 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678. | |||
| CVE-2013-4800 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. | |||
| CVE-2013-4798 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705. | |||
| CVE-2013-1966 | critical | — | 10.0 | 13y ago | Arbitrary code execution in Apache Struts | |||
| CVE-2013-4782 | critical | — | 10.0 | 13y ago | The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||
| CVE-2013-2343 | critical | — | 10.0 | 13y ago | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510. | |||
| CVE-2013-2460 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and a… | |||
| CVE-2013-3576 | critical | — | 10.0 | 13y ago | ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||
| CVE-2013-2333 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. | |||
| CVE-2013-1017 | critical | — | 10.0 | 13y ago | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. | |||
| CVE-2013-2730 | critical | — | 10.0 | 13y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability… | |||
| CVE-2013-0726 | critical | — | 10.0 | 13y ago | Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathn… | |||
| CVE-2013-1080 | critical | — | 10.0 | 13y ago | The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to cond… | |||
| CVE-2013-1488 | critical | — | 10.0 | 13y ago | The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflec… | |||
| CVE-2013-1493 | critical | — | 10.0 | 13y ago | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbit… | |||
| CVE-2013-0025 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer… | |||
| CVE-2013-0634 | critical | — | 10.0 | 14y ago | Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and be… | |||
| CVE-2013-0230 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quot… | |||
| CVE-2013-0928 | critical | — | 10.0 | 14y ago | The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | |||
| CVE-2013-0758 | critical | — | 10.0 | 14y ago | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 a… | |||
| CVE-2013-0757 | critical | — | 10.0 | 14y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15… | |||
| CVE-2013-0753 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird… | |||
| CVE-2013-10050 | high | 8.8 | 9.8 | 10mo ago | An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface … | |||
| CVE-2013-3632 | high | 8.8 | 9.8 | 12y ago | The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | |||
| CVE-2013-6271 | high | — | 9.8 | 13y ago | Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.androi… | |||
| CVE-2013-0136 | high | — | 9.5 | 13y ago | Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi… | |||
| CVE-2013-4787 | critical | — | 9.3 | 13y ago | Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that… | |||
| CVE-2013-0810 | high | 8.1 | 9.1 | 13y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, a… | |||
| CVE-2013-2115 | high | 8.1 | 9.1 | 13y ago | Code injection in Apache Struts | |||
| CVE-2013-0229 | high | — | 8.8 | 14y ago | The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that trig… | |||
| CVE-2013-7409 | high | — | 8.5 | 12y ago | Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. | |||
| CVE-2013-6117 | high | — | 8.5 | 12y ago | Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perfo… | |||
| CVE-2013-1412 | high | — | 8.5 | 12y ago | DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | |||
| CVE-2013-5036 | high | — | 8.5 | 12y ago | The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap functi… | |||
| CVE-2013-5014 | high | — | 8.5 | 13y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1… | |||
| CVE-2013-2827 | high | — | 8.5 | 13y ago | An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client mach… | |||
| CVE-2013-2050 | high | — | 8.5 | 13y ago | SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authentica… | |||
| CVE-2013-7260 | high | — | 8.5 | 13y ago | Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) ve… | |||
| CVE-2013-6420 | high | — | 8.5 | 13y ago | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 … | |||
| CVE-2013-1349 | high | — | 8.5 | 13y ago | Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. | |||
| CVE-2013-6829 | high | — | 8.5 | 13y ago | admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation. | |||
| CVE-2013-4557 | high | — | 8.5 | 13y ago | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. | |||
| CVE-2013-4835 | high | — | 8.5 | 13y ago | The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd me… | |||
| CVE-2013-6129 | high | — | 8.5 | 13y ago | The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] … | |||
| CVE-2013-4824 | high | — | 8.5 | 13y ago | Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka Z… | |||
| CVE-2013-5967 | high | — | 8.5 | 13y ago | Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from par… | |||
| CVE-2013-2370 | high | — | 8.5 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671. | |||
| CVE-2013-2028 | high | — | 8.5 | 13y ago | The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfe… | |||
| CVE-2013-1362 | high | — | 8.5 | 13y ago | Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, whic… | |||
| CVE-2013-4786 | high | 7.5 | 8.5 | 13y ago | The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing atta… | |||
| CVE-2013-3563 | high | — | 8.5 | 13y ago | Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted… | |||
| CVE-2013-3520 | high | — | 8.5 | 13y ago | VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2013-0680 | high | — | 8.5 | 13y ago | Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend befo… | |||
| CVE-2013-0232 | high | — | 8.5 | 13y ago | includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packa… | |||
| CVE-2013-1081 | high | — | 8.5 | 13y ago | Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. | |||
| CVE-2013-0333 | high | — | 8.5 | 14y ago | lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows re… | |||
| CVE-2013-0209 | high | — | 8.5 | 14y ago | lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct e… | |||
| CVE-2013-0156 | high | — | 8.5 | 14y ago | active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which … | |||
| CVE-2013-3881 | high | — | 8.2 | 13y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability." | |||
| CVE-2013-4984 | high | — | 8.2 | 13y ago | The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second… | |||
| CVE-2013-3956 | high | — | 8.2 | 13y ago | The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows S… | |||
| CVE-2013-4011 | high | — | 8.2 | 13y ago | Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibs… | |||
| CVE-2013-1300 | high | — | 8.2 | 13y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 201… | |||
| CVE-2013-0109 | high | — | 8.2 | 13y ago | The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cau… | |||
| CVE-2013-0008 | high | — | 8.2 | 14y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly… | |||
| CVE-2013-1662 | medium | — | 7.9 | 13y ago | vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in… | |||
| CVE-2013-2171 | medium | — | 7.9 | 13y ago | The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a m… | |||
| CVE-2013-1775 | medium | — | 7.9 | 13y ago | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by… | |||
| CVE-2013-3843 | medium | — | 7.8 | 12y ago | Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and pos… | |||
| CVE-2013-6167 | medium | — | 7.8 | 13y ago | Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a pers… | |||
| CVE-2013-7102 | medium | — | 7.8 | 13y ago | Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for W… | |||
| CVE-2013-5447 | medium | — | 7.8 | 13y ago | Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. | |||
| CVE-2013-4212 | medium | — | 7.8 | 13y ago | Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b… | |||
| CVE-2013-4164 | medium | — | 7.8 | 13y ago | Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial o… |