CVEs from 2013

| Total | Critical | High | Medium | Low | % Critical | % with KEV | % with exploit |
|---|---|---|---|---|---|---|---|
| 5,740 | 917 | 949 | 3,166 | 557 | 16.0% | 0.7% | 0.8% |
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-7203 | unknown | — | — | — | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | |
| CVE-2013-4572 | unknown | — | — | — | The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows… | |
| CVE-2013-2012 | unknown | — | — | — | autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | |
| CVE-2013-7484 | unknown | — | — | — | Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |
| CVE-2013-7098 | unknown | — | — | — | OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | |
| CVE-2013-2075 | unknown | — | — | — | Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening … | |
| CVE-2013-7087 | unknown | — | — | — | ClamAV before 0.97.7 has WWPack corrupt heap memory | |
| CVE-2013-4968 | unknown | — | — | — | Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspe… | |
| CVE-2013-7088 | unknown | — | — | — | ClamAV before 0.97.7 has buffer overflow in the libclamav component | |
| CVE-2013-2213 | unknown | — | — | — | The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent att… | |
| CVE-2013-2120 | unknown | — | — | — | The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass… | |
| CVE-2013-4235 | unknown | — | — | — | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | |
| CVE-2013-1752 | unknown | — | — | — | | |
| CVE-2013-1817 | unknown | — | — | — | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |
| CVE-2013-1951 | unknown | — | — | — | A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. | |
| CVE-2013-10068 | unknown | — | — | 10mo ago | Foxit Reader versions through 5.4.5.0114, including the bundled Foxit Reader Plugin 2.2.1.530, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF f… | |
| CVE-2013-10005 | unknown | — | — | 4y ago | Infinite loop in github.com/btcsuite/go-socks | |
| CVE-2013-7489 | unknown | — | — | 4y ago | The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. | |
| CVE-2013-4791 | unknown | — | — | 4y ago | PrestaShop Stored Cross-Site Scripting Vulnerability | |
| CVE-2013-0294 | unknown | — | — | 4y ago | packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute for… | |
| CVE-2013-6430 | unknown | — | — | 4y ago | The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers … | |
| CVE-2013-4752 | unknown | — | — | 4y ago | Symfony Host Header Injection vulnerability in the HttpFoundation component | |
| CVE-2013-7062 | unknown | — | — | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote a… | |
| CVE-2013-7371 | unknown | — | — | 4y ago | node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | |
| CVE-2013-0342 | unknown | — | — | 4y ago | The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability tha… | |
| CVE-2013-2228 | unknown | — | — | 4y ago | SaltStack RSA Key Generation allows remote users to decrypt communications | |
| CVE-2013-4409 | unknown | — | — | 4y ago | An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |
| CVE-2013-4251 | unknown | — | — | 4y ago | The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | |
| CVE-2013-4751 | unknown | — | — | 4y ago | Symfony collectionCascaded and collectionCascadedDeeply fields security bypass | |
| CVE-2013-2255 | unknown | — | — | 4y ago | OpenStack Keystone and other components vulnerable to Improper Certificate Validation | |
| CVE-2013-2095 | unknown | — | — | 4y ago | RubyGem openshift-origin-controller is vulnerable to command injection | |
| CVE-2013-2166 | unknown | — | — | 5y ago | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | |
| CVE-2013-1895 | unknown | — | — | 5y ago | The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the p… | |
| CVE-2013-7035 | unknown | — | — | 6y ago | Cross-Site Scripting in react | |
| CVE-2013-7381 | unknown | — | — | 6y ago | Potential Command Injection in libnotify | |
| CVE-2013-7378 | unknown | — | — | 6y ago | Potential Command Injection in hubot-scripts | |
| CVE-2013-3364 | unknown | — | — | 6y ago | Unauthenticated Remote Command Injection in ep_imageconvert | |
| CVE-2013-7370 | unknown | — | — | 6y ago | node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |
| CVE-2013-2167 | unknown | — | — | 6y ago | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | |
| CVE-2013-7285 | unknown | — | — | 7y ago | Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed inpu… | |
| CVE-2013-2233 | unknown | — | — | 8y ago | Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | |
| CVE-2013-6460 | unknown | — | — | 13y ago | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | |
| CVE-2013-6461 | unknown | — | — | 13y ago | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | |
| CVE-2013-4593 | unknown | — | — | 13y ago | RubyGem omniauth-facebook has an access token security vulnerability | |
| CVE-2013-4318 | unknown | — | — | 13y ago | Features file injection vulnerability | |
| CVE-2013-4170 | unknown | — | — | 13y ago | Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data | |
| CVE-2013-4869 | unknown | — | — | 13y ago | Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across dif… | |
| CVE-2013-2513 | unknown | — | — | 13y ago | flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution | |
| CVE-2013-2512 | unknown | — | — | 13y ago | OS Command Injection in ftpd | |
| CVE-2013-2516 | unknown | — | — | 13y ago | Fileutils Command Injection vulnerability | |
| CVE-2013-1607 | unknown | — | — | 13y ago | PDFKit Improper Input Validation vulnerability |