CVEs from 2013
- Total: 5,688
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 11.6%
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1454 | medium | — | 5.0 | 14y ago | Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." | |||
| CVE-2013-0637 | medium | — | 5.0 | 14y ago | Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, b… | |||
| CVE-2013-0242 | medium | — | 5.0 | 14y ago | Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service… | |||
| CVE-2013-0189 | medium | — | 5.0 | 14y ago | cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue… | |||
| CVE-2013-0166 | medium | — | 5.0 | 14y ago | OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service … | |||
| CVE-2013-1473 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors… | |||
| CVE-2013-0449 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deploy… | |||
| CVE-2013-0448 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. | |||
| CVE-2013-0440 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, a… | |||
| CVE-2013-0435 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confide… | |||
| CVE-2013-0434 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0433 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att… | |||
| CVE-2013-0427 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att… | |||
| CVE-2013-0424 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, a… | |||
| CVE-2013-0409 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confi… | |||
| CVE-2013-1112 | medium | — | 5.0 | 14y ago | Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. | |||
| CVE-2013-1451 | medium | — | 5.0 | 14y ago | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent… | |||
| CVE-2013-0652 | medium | — | 5.0 | 14y ago | GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI c… | |||
| CVE-2013-0651 | medium | — | 5.0 | 14y ago | The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote … | |||
| CVE-2013-0417 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management Sys… | |||
| CVE-2013-0396 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via u… | |||
| CVE-2013-0394 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway. | |||
| CVE-2013-0360 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via u… | |||
| CVE-2013-0835 | medium | — | 5.0 | 14y ago | Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||
| CVE-2013-0834 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs. | |||
| CVE-2013-0833 | medium | — | 5.0 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing. | |||
| CVE-2013-0759 | medium | — | 5.0 | 14y ago | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 a… | |||
| CVE-2013-0183 | medium | — | 5.0 | 14y ago | multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipar… | |||
| CVE-2013-0721 | medium | — | 5.0 | 14y ago | wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||
| CVE-2013-0284 | medium | — | 5.0 | 14y ago | newrelic_rpm Gem Discloses Sensitive Information | |||
| CVE-2013-7395 | medium | — | 4.9 | 12y ago | ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of … | |||
| CVE-2013-6308 | medium | — | 4.9 | 12y ago | IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | |||
| CVE-2013-4500 | medium | — | 4.9 | 12y ago | The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the dele… | |||
| CVE-2013-6889 | medium | — | 4.9 | 12y ago | GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. | |||
| CVE-2013-4544 | medium | — | 4.9 | 12y ago | hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers o… | |||
| CVE-2013-7068 | medium | — | 4.9 | 12y ago | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | |||
| CVE-2013-3997 | medium | — | 4.9 | 12y ago | Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sit… | |||
| CVE-2013-7322 | medium | — | 4.9 | 12y ago | usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line t… | |||
| CVE-2013-2962 | medium | — | 4.9 | 13y ago | Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) vi… | |||
| CVE-2013-4739 | medium | — | 4.9 | 13y ago | The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information… | |||
| CVE-2013-4661 | medium | — | 4.9 | 13y ago | CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with t… | |||
| CVE-2013-5876 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. | |||
| CVE-2013-5833 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem. | |||
| CVE-2013-5909 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown v… | |||
| CVE-2013-7281 | medium | — | 4.9 | 13y ago | The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which al… | |||
| CVE-2013-7271 | medium | — | 4.9 | 13y ago | The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows loc… | |||
| CVE-2013-7270 | medium | — | 4.9 | 13y ago | The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which al… | |||
| CVE-2013-7269 | medium | — | 4.9 | 13y ago | The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7268 | medium | — | 4.9 | 13y ago | The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows loc… | |||
| CVE-2013-7267 | medium | — | 4.9 | 13y ago | The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7266 | medium | — | 4.9 | 13y ago | The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structur… | |||
| CVE-2013-7265 | medium | — | 4.9 | 13y ago | The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows … | |||
| CVE-2013-7264 | medium | — | 4.9 | 13y ago | The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allow… | |||
| CVE-2013-7263 | medium | — | 4.9 | 13y ago | The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kerne… | |||
| CVE-2013-7081 | medium | — | 4.9 | 13y ago | TYPO3 Improper Access Control vulnerability | |||
| CVE-2013-4012 | medium | — | 4.9 | 13y ago | IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which a… | |||
| CVE-2013-3705 | medium | — | 4.9 | 13y ago | The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | |||
| CVE-2013-5407 | medium | — | 4.9 | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain … | |||
| CVE-2013-5426 | medium | — | 4.9 | 13y ago | Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Infor… | |||
| CVE-2013-7005 | medium | — | 4.9 | 13y ago | D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware bef… | |||
| CVE-2013-4445 | medium | — | 4.9 | 13y ago | The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for … | |||
| CVE-2013-5455 | medium | — | 4.9 | 13y ago | IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a… | |||
| CVE-2013-6392 | medium | — | 4.9 | 13y ago | The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does… | |||
| CVE-2013-6861 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain s… | |||
| CVE-2013-6834 | medium | — | 4.9 | 13y ago | The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from k… | |||
| CVE-2013-6833 | medium | — | 4.9 | 13y ago | The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from … | |||
| CVE-2013-6832 | medium | — | 4.9 | 13y ago | The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtai… | |||
| CVE-2013-3887 | medium | — | 4.9 | 13y ago | The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W… | |||
| CVE-2013-4516 | medium | — | 4.9 | 13y ago | The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information … | |||
| CVE-2013-4515 | medium | — | 4.9 | 13y ago | The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information fro… | |||
| CVE-2013-4513 | medium | — | 4.9 | 13y ago | Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other imp… | |||
| CVE-2013-4439 | medium | — | 4.9 | 13y ago | Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | |||
| CVE-2013-4483 | medium | — | 4.9 | 13y ago | The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or syst… | |||
| CVE-2013-1067 | medium | — | 4.9 | 13y ago | Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. | |||
| CVE-2013-5192 | medium | — | 4.9 | 13y ago | The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. | |||
| CVE-2013-5177 | medium | — | 4.9 | 13y ago | The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | |||
| CVE-2013-5176 | medium | — | 4.9 | 13y ago | The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by trigg… | |||
| CVE-2013-5174 | medium | — | 4.9 | 13y ago | Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. | |||
| CVE-2013-5166 | medium | — | 4.9 | 13y ago | The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | |||
| CVE-2013-5864 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver. | |||
| CVE-2013-5862 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-201… | |||
| CVE-2013-5807 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to… | |||
| CVE-2013-5394 | medium | — | 4.9 | 13y ago | The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | |||
| CVE-2013-0580 | medium | — | 4.9 | 13y ago | Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the… | |||
| CVE-2013-3278 | medium | — | 4.9 | 13y ago | EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configur… | |||
| CVE-2013-5142 | medium | — | 4.9 | 13y ago | The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2… | |||
| CVE-2013-1029 | medium | — | 4.9 | 13y ago | The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. | |||
| CVE-2013-3036 | medium | — | 4.9 | 13y ago | Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted UR… | |||
| CVE-2013-2794 | medium | — | 4.9 | 13y ago | Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DNP3 .NET Protocol components 3.06.0.171 through 3.15.0.369, and DNP3 C libraries 3.06.0000 through 3.15.0000 allow physically prox… | |||
| CVE-2013-5035 | medium | — | 4.9 | 13y ago | Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other person… | |||
| CVE-2013-4220 | medium | — | 4.9 | 13y ago | The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attem… | |||
| CVE-2013-3996 | medium | — | 4.9 | 13y ago | IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | |||
| CVE-2013-3799 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2013-3765 | medium | — | 4.9 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM. | |||
| CVE-2013-3172 | medium | — | 4.9 | 13y ago | Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows … | |||
| CVE-2013-2232 | medium | — | 4.9 | 13y ago | The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to a… | |||
| CVE-2013-3953 | medium | — | 4.9 | 13y ago | The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive inf… | |||
| CVE-2013-0990 | medium | — | 4.9 | 13y ago | SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | |||
| CVE-2013-2944 | medium | — | 4.9 | 13y ago | strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. | |||
| CVE-2013-3237 | medium | — | 4.9 | 13y ago | The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive informatio… |