CVEs from 2013

5,739 normalized CVEs published or assigned in this year.

Total

5,739

critical

critical 917

high

high 949

medium

medium 3,166

low

low 557

% Critical

16.0%

% with KEV

0.7%

% with exploit

0.9%

Top vendors

google 11,935
adobe 5,775
mozilla 5,495
ibm 5,231
ffmpeg 3,379
oracle 3,057
apple 2,597
cisco 2,092

Top products

chrome 11,665
ffmpeg 3,379
seamonkey 2,231
acrobat_reader 1,911
acrobat 1,909
itunes 1,678
firefox 1,634
moodle 1,560

Top packages

Packagist/moodle/moodle 55
PyPI/plone 47
RubyGems/actionpack 27
Packagist/typo3/cms-core 23
Packagist/typo3/cms 19
Maven/org.jenkins-ci.main:jenkins-core 18
RubyGems/activerecord 17
RubyGems/rack 17

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2013-4710	critical	—	9.3	12y ago	Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary me…
CVE-2013-4787	critical	—	9.3	13y ago	Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that…
CVE-2013-6420	high	—	8.5	13y ago	The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 …
CVE-2013-2028	high	—	8.5	13y ago	The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfe…
CVE-2013-0333	high	—	8.5	14y ago	lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows re…
CVE-2013-0156	high	—	8.5	14y ago	active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which …
CVE-2013-4011	high	—	7.2	13y ago	Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibs…