CVEs from 2013

5,732 normalized CVEs published or assigned in this year.

Total

5,732

critical

critical 917

high

high 949

medium

medium 3,166

low

low 557

% Critical

16.0%

% with KEV

0.7%

% with exploit

0.9%

Top vendors

google 11,935
adobe 5,775
mozilla 5,495
ibm 5,231
ffmpeg 3,379
oracle 3,057
apple 2,597
cisco 2,092

Top products

chrome 11,665
ffmpeg 3,379
seamonkey 2,231
acrobat_reader 1,911
acrobat 1,909
itunes 1,678
firefox 1,634
moodle 1,560

Top packages

Packagist/moodle/moodle 55
PyPI/plone 47
RubyGems/actionpack 27
Packagist/typo3/cms-core 23
Packagist/typo3/cms 19
Maven/org.jenkins-ci.main:jenkins-core 18
RubyGems/activerecord 17
RubyGems/rack 17

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2013-6167	medium	—	7.8	13y ago	Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a pers…
CVE-2013-1773	medium	—	7.2	13y ago	Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a …
CVE-2013-2503	medium	—	6.8	13y ago	Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended…
CVE-2013-2131	medium	—	6.0	12y ago	Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdt…
CVE-2013-6282	unknown	—	2.5	4y ago	The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the conten…
CVE-2013-2596	unknown	—	1.5	4y ago	Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to crea…
CVE-2013-2094	unknown	—	1.5	4y ago	The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open …
CVE-2013-2251	unknown	—	1.5	4y ago	Code injection in Apache Struts