CVEs from 2013
Total
5,732
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.0%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-6420 | high | — | 8.5 | 13y ago | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 … | |
| CVE-2013-2028 | high | — | 8.5 | 13y ago | The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfe… | |
| CVE-2013-0333 | high | — | 8.5 | 14y ago | lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows re… | |
| CVE-2013-0156 | high | — | 8.5 | 14y ago | active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which … | |
| CVE-2013-6167 | medium | — | 7.8 | 13y ago | Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a pers… | |
| CVE-2013-4011 | high | — | 7.2 | 13y ago | Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibs… | |
| CVE-2013-1773 | medium | — | 7.2 | 13y ago | Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a … | |
| CVE-2013-2503 | medium | — | 6.8 | 13y ago | Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended… | |
| CVE-2013-2131 | medium | — | 6.0 | 12y ago | Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdt… | |
| CVE-2013-6282 | unknown | — | 2.5 | 4y ago | The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the conten… | |
| CVE-2013-2094 | unknown | — | 1.5 | 4y ago | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open … | |
| CVE-2013-2596 | unknown | — | 1.5 | 4y ago | Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to crea… | |
| CVE-2013-2251 | unknown | — | 1.5 | 4y ago | Code injection in Apache Struts |