CVEs from 2013
Total
5,738
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.0%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-0840 | critical | — | 10.0 | 14y ago | Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors. | |
| CVE-2013-0657 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does n… | |
| CVE-2013-0366 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,… | |
| CVE-2013-0361 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,… | |
| CVE-2013-0767 | critical | — | 10.0 | 14y ago | The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.1… | |
| CVE-2013-0630 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android … | |
| CVE-2013-0626 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vu… | |
| CVE-2013-0624 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CV… | |
| CVE-2013-0623 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |
| CVE-2013-0622 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CV… | |
| CVE-2013-0621 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |
| CVE-2013-0620 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |
| CVE-2013-0619 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |
| CVE-2013-0618 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |
| CVE-2013-0617 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |
| CVE-2013-0616 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |
| CVE-2013-0615 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |
| CVE-2013-0614 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |
| CVE-2013-0613 | critical | — | 10.0 | 14y ago | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability… | |
| CVE-2013-0612 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |
| CVE-2013-0611 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |
| CVE-2013-0610 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vu… | |
| CVE-2013-0609 | critical | — | 10.0 | 14y ago | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability… | |
| CVE-2013-0608 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |
| CVE-2013-0607 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |
| CVE-2013-0606 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |
| CVE-2013-0605 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |
| CVE-2013-0604 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vul… | |
| CVE-2013-0603 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vul… | |
| CVE-2013-0602 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2013-0601 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |
| CVE-2013-0011 | critical | — | 10.0 | 14y ago | The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr… | |
| CVE-2013-4366 | critical | 9.8 | 9.8 | 9y ago | Hostname verification in Apache HttpClient 4.3 was disabled by default | |
| CVE-2013-6924 | critical | 9.8 | 9.8 | 9y ago | Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | |
| CVE-2013-7429 | critical | 9.8 | 9.8 | 9y ago | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php. | |
| CVE-2013-7426 | critical | 9.8 | 9.8 | 9y ago | Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | |
| CVE-2013-0870 | critical | 9.8 | 9.8 | 9y ago | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | |
| CVE-2013-6647 | critical | 9.8 | 9.8 | 9y ago | A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. | |
| CVE-2013-4659 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U an… | |
| CVE-2013-7459 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv p… | |
| CVE-2013-1430 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the u… | |
| CVE-2013-7455 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that t… | |
| CVE-2013-5017 | critical | 9.8 | 9.8 | 12y ago | SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. | |
| CVE-2013-7137 | critical | 9.8 | 9.8 | 13y ago | The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1. | |
| CVE-2013-6671 | critical | 9.8 | 9.8 | 13y ago | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary… | |
| CVE-2013-5618 | critical | 9.8 | 9.8 | 13y ago | Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunder… | |
| CVE-2013-5616 | critical | 9.8 | 9.8 | 13y ago | Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.2… | |
| CVE-2013-5615 | critical | 9.8 | 9.8 | 13y ago | The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions o… | |
| CVE-2013-5613 | critical | 9.8 | 9.8 | 13y ago | Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows … | |
| CVE-2013-5609 | critical | 9.8 | 9.8 | 13y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to c… | |
| CVE-2013-1465 | critical | 9.8 | 9.8 | 14y ago | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrat… | |
| CVE-2013-1591 | critical | 9.8 | 9.8 | 14y ago | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resulta… | |
| CVE-2013-6207 | critical | — | 9.4 | 12y ago | Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of serv… | |
| CVE-2013-2068 | critical | — | 9.4 | 13y ago | Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in th… | |
| CVE-2013-3658 | critical | — | 9.4 | 13y ago | Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | |
| CVE-2013-2352 | critical | — | 9.4 | 13y ago | LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for… | |
| CVE-2013-0673 | critical | — | 9.4 | 13y ago | Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL. | |
| CVE-2013-2645 | critical | — | 9.3 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for … | |
| CVE-2013-2100 | critical | — | 9.3 | 12y ago | Gentoo Portage does not verify X.509 certificates from SSL servers | |
| CVE-2013-6771 | critical | — | 9.3 | 12y ago | Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SP… | |
| CVE-2013-7388 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed… | |
| CVE-2013-3664 | critical | — | 9.3 | 12y ago | Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of… | |
| CVE-2013-3662 | critical | — | 9.3 | 12y ago | Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-bas… | |
| CVE-2013-3663 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed … | |
| CVE-2013-2602 | critical | — | 9.3 | 12y ago | Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokens… | |
| CVE-2013-0733 | critical | — | 9.3 | 12y ago | Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan hors… | |
| CVE-2013-2298 | critical | — | 9.3 | 12y ago | Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler. | |
| CVE-2013-2019 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. | |
| CVE-2013-4772 | critical | — | 9.3 | 12y ago | D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. | |
| CVE-2013-5660 | critical | — | 9.3 | 12y ago | Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. | |
| CVE-2013-3930 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply. | |
| CVE-2013-0729 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a … | |
| CVE-2013-5365 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compresse… | |
| CVE-2013-0662 | critical | — | 9.3 | 12y ago | Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a … | |
| CVE-2013-3481 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file. | |
| CVE-2013-0732 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming t… | |
| CVE-2013-3249 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attac… | |
| CVE-2013-3938 | critical | — | 9.3 | 12y ago | Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buf… | |
| CVE-2013-2642 | critical | — | 9.3 | 12y ago | Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation va… | |
| CVE-2013-3928 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a… | |
| CVE-2013-4710 | critical | — | 9.3 | 12y ago | Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary me… | |
| CVE-2013-2817 | critical | — | 9.3 | 12y ago | An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction… | |
| CVE-2013-6949 | critical | — | 9.3 | 12y ago | The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact … | |
| CVE-2013-4737 | critical | — | 9.3 | 13y ago | The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider… | |
| CVE-2013-6486 | critical | — | 9.3 | 13y ago | gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction o… | |
| CVE-2013-4978 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file. | |
| CVE-2013-2691 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 allows remote attackers to execute arbitrary code via a crafted MPEG2-TS video file, related to the MPEG2 transport stream. | |
| CVE-2013-6724 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value. | |
| CVE-2013-4979 | critical | — | 9.3 | 13y ago | Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file. | |
| CVE-2013-7246 | critical | — | 9.3 | 13y ago | Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in … | |
| CVE-2013-1361 | critical | — | 9.3 | 13y ago | Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code a… | |
| CVE-2013-3483 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a… | |
| CVE-2013-3482 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of s… | |
| CVE-2013-5889 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnera… | |
| CVE-2013-2819 | critical | — | 9.3 | 13y ago | The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) upd… | |
| CVE-2013-5893 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t… | |
| CVE-2013-6462 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute … | |
| CVE-2013-7283 | critical | — | 9.3 | 13y ago | Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd… | |
| CVE-2013-3846 | critical | — | 9.3 | 13y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine… | |
| CVE-2013-6795 | critical | — | 9.3 | 13y ago | The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which trig… |