CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6357 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2013-5328 | high | — | 7.8 | 13y ago | Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-5553 | high | — | 7.8 | 13y ago | Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2… | |||
| CVE-2013-5977 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for… | |||
| CVE-2013-5547 | high | — | 7.8 | 13y ago | Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf0… | |||
| CVE-2013-5546 | high | — | 7.8 | 13y ago | The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that … | |||
| CVE-2013-5545 | high | — | 7.8 | 13y ago | The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug I… | |||
| CVE-2013-5543 | high | — | 7.8 | 13y ago | Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TC… | |||
| CVE-2013-5741 | high | — | 7.8 | 13y ago | Triangle Research International (aka Tri) Nano-10 PLC devices with firmware r81 and earlier do not properly handle large length values in MODBUS data, which allows remote attackers to cause a denial … | |||
| CVE-2013-6016 | high | — | 7.8 | 13y ago | The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 th… | |||
| CVE-2013-4885 | medium | — | 7.8 | 13y ago | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in … | |||
| CVE-2013-5537 | high | — | 7.8 | 13y ago | The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS s… | |||
| CVE-2013-5515 | high | — | 7.8 | 13y ago | The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), … | |||
| CVE-2013-3415 | high | — | 7.8 | 13y ago | Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote att… | |||
| CVE-2013-2787 | high | — | 7.8 | 13y ago | Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets. | |||
| CVE-2013-5576 | medium | — | 7.8 | 13y ago | administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended … | |||
| CVE-2013-3861 | high | — | 7.8 | 13y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "J… | |||
| CVE-2013-3860 | high | — | 7.8 | 13y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (ap… | |||
| CVE-2013-3689 | high | — | 7.8 | 13y ago | Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which… | |||
| CVE-2013-3540 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows… | |||
| CVE-2013-6011 | high | — | 7.8 | 13y ago | Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. | |||
| CVE-2013-3625 | high | — | 7.8 | 13y ago | An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging … | |||
| CVE-2013-3624 | high | — | 7.8 | 13y ago | The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading … | |||
| CVE-2013-3593 | high | — | 7.8 | 13y ago | Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the netwo… | |||
| CVE-2013-5503 | high | — | 7.8 | 13y ago | The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to… | |||
| CVE-2013-3963 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, an… | |||
| CVE-2013-3690 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 a… | |||
| CVE-2013-3539 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and pos… | |||
| CVE-2013-1839 | high | — | 7.8 | 13y ago | The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a ",… | |||
| CVE-2013-5961 | medium | — | 7.8 | 13y ago | Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a… | |||
| CVE-2013-5480 | high | — | 7.8 | 13y ago | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka … | |||
| CVE-2013-5479 | high | — | 7.8 | 13y ago | The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka … | |||
| CVE-2013-5478 | high | — | 7.8 | 13y ago | Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug… | |||
| CVE-2013-5477 | high | — | 7.8 | 13y ago | The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty ne… | |||
| CVE-2013-5476 | high | — | 7.8 | 13y ago | The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or … | |||
| CVE-2013-5475 | high | — | 7.8 | 13y ago | Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally… | |||
| CVE-2013-5474 | high | — | 7.8 | 13y ago | Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device relo… | |||
| CVE-2013-5473 | high | — | 7.8 | 13y ago | Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload)… | |||
| CVE-2013-5093 | medium | — | 7.8 | 13y ago | The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a … | |||
| CVE-2013-5490 | high | — | 7.8 | 13y ago | Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, relat… | |||
| CVE-2013-5487 | high | — | 7.8 | 13y ago | DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. | |||
| CVE-2013-5696 | medium | — | 7.8 | 13y ago | inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request fo… | |||
| CVE-2013-3473 | high | — | 7.8 | 13y ago | The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote atta… | |||
| CVE-2013-5140 | high | — | 7.8 | 13y ago | The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||
| CVE-2013-1342 | high | 7.8 | 7.8 | 13y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 201… | |||
| CVE-2013-5672 | medium | — | 7.8 | 13y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that… | |||
| CVE-2013-2793 | high | — | 7.8 | 13y ago | Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow remote attacker… | |||
| CVE-2013-5209 | high | — | 7.8 | 13y ago | The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data stru… | |||
| CVE-2013-3468 | high | — | 7.8 | 13y ago | The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270. | |||
| CVE-2013-2353 | high | — | 7.8 | 13y ago | Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2013-4247 | high | — | 7.8 | 13y ago | Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash)… | |||
| CVE-2013-3460 | high | — | 7.8 | 13y ago | Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service… | |||
| CVE-2013-3459 | high | — | 7.8 | 13y ago | Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malfor… | |||
| CVE-2013-3390 | high | — | 7.8 | 13y ago | Memory leak in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of… | |||
| CVE-2013-3389 | high | — | 7.8 | 13y ago | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to… | |||
| CVE-2013-3388 | high | — | 7.8 | 13y ago | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to… | |||
| CVE-2013-3387 | high | — | 7.8 | 13y ago | Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to p… | |||
| CVE-2013-3453 | high | — | 7.8 | 13y ago | Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (m… | |||
| CVE-2013-2789 | high | — | 7.8 | 13y ago | The Kepware DNP Master Driver for the KEPServerEX Communications Platform before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packet… | |||
| CVE-2013-5316 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit… | |||
| CVE-2013-4881 | medium | — | 7.8 | 13y ago | Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2013-5301 | high | — | 7.8 | 13y ago | Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter. | |||
| CVE-2013-3183 | high | — | 7.8 | 13y ago | The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation… | |||
| CVE-2013-3182 | high | — | 7.8 | 13y ago | The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause … | |||
| CVE-2013-2790 | high | — | 7.8 | 13y ago | The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000. | |||
| CVE-2013-2576 | medium | — | 7.8 | 13y ago | Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file. | |||
| CVE-2013-4807 | high | — | 7.8 | 13y ago | Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 201307… | |||
| CVE-2013-2112 | high | — | 7.8 | 13y ago | The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. | |||
| CVE-2013-4929 | high | — | 7.8 | 13y ago | The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zer… | |||
| CVE-2013-4928 | high | — | 7.8 | 13y ago | Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial… | |||
| CVE-2013-4927 | high | — | 7.8 | 13y ago | Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attack… | |||
| CVE-2013-4949 | medium | — | 7.8 | 13y ago | Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in t… | |||
| CVE-2013-4854 | high | — | 7.8 | 13y ago | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remo… | |||
| CVE-2013-4780 | high | — | 7.8 | 13y ago | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary f… | |||
| CVE-2013-4778 | high | — | 7.8 | 13y ago | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive… | |||
| CVE-2013-3411 | high | — | 7.8 | 13y ago | The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malfo… | |||
| CVE-2013-3410 | high | — | 7.8 | 13y ago | Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorr… | |||
| CVE-2013-1243 | high | — | 7.8 | 13y ago | The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1… | |||
| CVE-2013-1218 | high | — | 7.8 | 13y ago | Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device… | |||
| CVE-2013-3753 | high | — | 7.8 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework. | |||
| CVE-2013-3748 | high | — | 7.8 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover). | |||
| CVE-2013-1943 | high | 7.8 | 7.8 | 13y ago | The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows loca… | |||
| CVE-2013-2687 | high | — | 7.8 | 13y ago | Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2) QNX Momentics Tool Suite through 6.5.0 SP1 in the QNX Software Development Pla… | |||
| CVE-2013-4688 | high | — | 7.8 | 13y ago | flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted M… | |||
| CVE-2013-4687 | high | — | 7.8 | 13y ago | flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers … | |||
| CVE-2013-4684 | high | — | 7.8 | 13y ago | flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a den… | |||
| CVE-2013-3129 | high | 7.8 | 7.8 | 13y ago | Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windo… | |||
| CVE-2013-1059 | high | — | 7.8 | 13y ago | net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an… | |||
| CVE-2013-4733 | high | — | 7.8 | 13y ago | The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration an… | |||
| CVE-2013-4660 | medium | — | 7.8 | 13y ago | Deserialization Code Execution in js-yaml | |||
| CVE-2013-3386 | high | — | 7.8 | 13y ago | The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Sec… | |||
| CVE-2013-3385 | high | — | 7.8 | 13y ago | The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices … | |||
| CVE-2013-3382 | high | — | 7.8 | 13y ago | The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote at… | |||
| CVE-2013-3378 | high | — | 7.8 | 13y ago | Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557. | |||
| CVE-2013-3377 | high | — | 7.8 | 13y ago | Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCue01743. | |||
| CVE-2013-4632 | high | — | 7.8 | 13y ago | The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP … | |||
| CVE-2013-2445 | high | — | 7.8 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remo… | |||
| CVE-2013-3919 | high | — | 7.8 | 13y ago | resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service… | |||
| CVE-2013-3561 | high | — | 7.8 | 13y ago | Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket … | |||
| CVE-2013-1236 | high | — | 7.8 | 13y ago | Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug… |