CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-7416 | high | — | 7.5 | 12y ago | canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | |||
| CVE-2013-6399 | high | — | 7.5 | 12y ago | Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | |||
| CVE-2013-4542 | high | — | 7.5 | 12y ago | The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds arr… | |||
| CVE-2013-4541 | high | — | 7.5 | 12y ago | The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_inde… | |||
| CVE-2013-4540 | high | — | 7.5 | 12y ago | Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm … | |||
| CVE-2013-4539 | high | — | 7.5 | 12y ago | Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision… | |||
| CVE-2013-4538 | high | — | 7.5 | 12y ago | Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitra… | |||
| CVE-2013-4537 | high | — | 7.5 | 12y ago | The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | |||
| CVE-2013-4534 | high | — | 7.5 | 12y ago | Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. | |||
| CVE-2013-4533 | high | — | 7.5 | 12y ago | Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_lev… | |||
| CVE-2013-4531 | high | — | 7.5 | 12y ago | Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len i… | |||
| CVE-2013-4530 | high | — | 7.5 | 12y ago | Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a sa… | |||
| CVE-2013-4529 | high | — | 7.5 | 12y ago | Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. | |||
| CVE-2013-4527 | high | — | 7.5 | 12y ago | Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. | |||
| CVE-2013-4526 | high | — | 7.5 | 12y ago | Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. | |||
| CVE-2013-4151 | high | — | 7.5 | 12y ago | The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | |||
| CVE-2013-4150 | high | — | 7.5 | 12y ago | The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in whi… | |||
| CVE-2013-4149 | high | — | 7.5 | 12y ago | Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. | |||
| CVE-2013-4148 | high | — | 7.5 | 12y ago | Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a… | |||
| CVE-2013-7408 | high | — | 7.5 | 12y ago | F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. | |||
| CVE-2013-7406 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4159 | high | — | 7.5 | 12y ago | ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/ev… | |||
| CVE-2013-5356 | high | — | 7.5 | 12y ago | Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors. | |||
| CVE-2013-7323 | high | — | 7.5 | 12y ago | python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||
| CVE-2013-1397 | high | — | 7.5 | 12y ago | Symfony Arbitrary PHP code Execution | |||
| CVE-2013-1348 | high | — | 7.5 | 12y ago | Symphony Vulnerable to PHP Code Injection via YAML Parsing | |||
| CVE-2013-6788 | high | — | 7.5 | 12y ago | The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypa… | |||
| CVE-2013-0724 | high | — | 7.5 | 12y ago | PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL i… | |||
| CVE-2013-2757 | high | — | 7.5 | 12y ago | Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecifie… | |||
| CVE-2013-6766 | high | — | 7.5 | 12y ago | OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version inform… | |||
| CVE-2013-4468 | medium | — | 7.5 | 12y ago | VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an … | |||
| CVE-2013-4552 | high | — | 7.5 | 12y ago | lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie. | |||
| CVE-2013-4490 | medium | — | 7.5 | 12y ago | The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands … | |||
| CVE-2013-6453 | high | — | 7.5 | 12y ago | MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML. | |||
| CVE-2013-4571 | high | — | 7.5 | 12y ago | Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. | |||
| CVE-2013-0210 | high | — | 7.5 | 12y ago | The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. | |||
| CVE-2013-0171 | high | — | 7.5 | 12y ago | Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. | |||
| CVE-2013-7034 | high | — | 7.5 | 12y ago | The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie. | |||
| CVE-2013-1806 | medium | — | 7.5 | 12y ago | Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to… | |||
| CVE-2013-7373 | high | — | 7.5 | 12y ago | Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within mu… | |||
| CVE-2013-7236 | high | — | 7.5 | 12y ago | Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. | |||
| CVE-2013-7235 | high | — | 7.5 | 12y ago | Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters. | |||
| CVE-2013-7134 | high | — | 7.5 | 12y ago | Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cook… | |||
| CVE-2013-7369 | high | — | 7.5 | 12y ago | SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Ant… | |||
| CVE-2013-2143 | medium | — | 7.5 | 12y ago | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by se… | |||
| CVE-2013-7367 | high | — | 7.5 | 12y ago | SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2013-7364 | high | — | 7.5 | 12y ago | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||
| CVE-2013-7363 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remo… | |||
| CVE-2013-7362 | high | — | 7.5 | 12y ago | An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors. | |||
| CVE-2013-7360 | high | — | 7.5 | 12y ago | Unspecified vulnerability in SAP adminadapter allows remote attackers to read or write to arbitrary files via unknown vectors. | |||
| CVE-2013-7355 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||
| CVE-2013-0735 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewt… | |||
| CVE-2013-2945 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this … | |||
| CVE-2013-2559 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged us… | |||
| CVE-2013-1408 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2… | |||
| CVE-2013-6210 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Unified Functional Testing before 12.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1932. | |||
| CVE-2013-4467 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQ… | |||
| CVE-2013-3961 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter. | |||
| CVE-2013-6201 | high | — | 7.5 | 12y ago | Unspecified vulnerability in HP Security Management System 3.3.0, 3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2013-3478 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php. | |||
| CVE-2013-6668 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unkn… | |||
| CVE-2013-6667 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-6665 | high | — | 7.5 | 12y ago | Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of… | |||
| CVE-2013-6664 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote a… | |||
| CVE-2013-6663 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows rem… | |||
| CVE-2013-6204 | high | — | 7.5 | 12y ago | The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information … | |||
| CVE-2013-6203 | high | — | 7.5 | 12y ago | The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information … | |||
| CVE-2013-6661 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.117 allow attackers to bypass the sandbox protection mechanism after obtaining renderer access, or have other impact, via unknow… | |||
| CVE-2013-6658 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unsp… | |||
| CVE-2013-6655 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors relate… | |||
| CVE-2013-6654 | high | — | 7.5 | 12y ago | The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which… | |||
| CVE-2013-6653 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the web contents implementation in Google Chrome before 33.0.1750.117 allows remote attackers to cause a denial of service or possibly have unspecified other impact vi… | |||
| CVE-2013-6652 | high | — | 7.5 | 12y ago | Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in th… | |||
| CVE-2013-5351 | high | — | 7.5 | 13y ago | Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file. | |||
| CVE-2013-6742 | high | — | 7.5 | 13y ago | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain a… | |||
| CVE-2013-3983 | high | — | 7.5 | 13y ago | The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attac… | |||
| CVE-2013-5015 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Bu… | |||
| CVE-2013-6487 | high | — | 7.5 | 13y ago | Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, whic… | |||
| CVE-2013-4898 | medium | — | 7.5 | 13y ago | Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file… | |||
| CVE-2013-4887 | high | — | 7.5 | 13y ago | SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. | |||
| CVE-2013-6749 | high | — | 7.5 | 13y ago | Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different … | |||
| CVE-2013-6748 | high | — | 7.5 | 13y ago | Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different … | |||
| CVE-2013-2974 | high | — | 7.5 | 13y ago | The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration… | |||
| CVE-2013-6650 | high | — | 7.5 | 13y ago | The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (me… | |||
| CVE-2013-6649 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a… | |||
| CVE-2013-4304 | high | — | 7.5 | 13y ago | The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has … | |||
| CVE-2013-1886 | high | — | 7.5 | 13y ago | Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to caus… | |||
| CVE-2013-5350 | high | — | 7.5 | 13y ago | The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly vali… | |||
| CVE-2013-6934 | high | — | 7.5 | 13y ago | The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibl… | |||
| CVE-2013-6933 | high | — | 7.5 | 13y ago | The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service … | |||
| CVE-2013-6872 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action. | |||
| CVE-2013-2185 | high | — | 7.5 | 13y ago | Deserialization of Untrusted Data in Apache Tomcat | |||
| CVE-2013-6646 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial … | |||
| CVE-2013-6644 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other … | |||
| CVE-2013-6643 | high | — | 7.5 | 13y ago | The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and L… | |||
| CVE-2013-6641 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and be… | |||
| CVE-2013-5878 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rela… | |||
| CVE-2013-5785 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.6, 11.1.1.7, and 11.1.2.1 allows remote attackers to affect confidentiality, integrity, and avai… | |||
| CVE-2013-6321 | high | — | 7.5 | 13y ago | SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Pol… | |||
| CVE-2013-5359 | high | — | 7.5 | 13y ago | Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file w… |