CVEs from 2013
- Total: 5,696
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.1%
- % with KEV: 0.7%
- % with exploit: 3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1475 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-1472 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2013-0450 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att… | |||
| CVE-2013-0447 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2013-0446 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, a… | |||
| CVE-2013-0445 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote att… | |||
| CVE-2013-0442 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0441 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0439 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2013-0437 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integri… | |||
| CVE-2013-0436 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff… | |||
| CVE-2013-0428 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0426 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0425 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-0230 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quot… | |||
| CVE-2013-1489 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chro… | |||
| CVE-2013-0462 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. | |||
| CVE-2013-0842 | critical | — | 10.0 | 14y ago | Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors. | |||
| CVE-2013-0840 | critical | — | 10.0 | 14y ago | Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors. | |||
| CVE-2013-0928 | critical | — | 10.0 | 14y ago | The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | |||
| CVE-2013-0657 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does n… | |||
| CVE-2013-0366 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,… | |||
| CVE-2013-0361 | critical | — | 10.0 | 14y ago | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,… | |||
| CVE-2013-0767 | critical | — | 10.0 | 14y ago | The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.1… | |||
| CVE-2013-0758 | critical | — | 10.0 | 14y ago | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 a… | |||
| CVE-2013-0757 | critical | — | 10.0 | 14y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15… | |||
| CVE-2013-0753 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird… | |||
| CVE-2013-0630 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android … | |||
| CVE-2013-0626 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vu… | |||
| CVE-2013-0624 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CV… | |||
| CVE-2013-0623 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2013-0622 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CV… | |||
| CVE-2013-0621 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |||
| CVE-2013-0620 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2013-0619 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2013-0618 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |||
| CVE-2013-0617 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |||
| CVE-2013-0616 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2013-0615 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |||
| CVE-2013-0614 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |||
| CVE-2013-0613 | critical | — | 10.0 | 14y ago | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability… | |||
| CVE-2013-0612 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |||
| CVE-2013-0611 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |||
| CVE-2013-0610 | critical | — | 10.0 | 14y ago | Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vu… | |||
| CVE-2013-0609 | critical | — | 10.0 | 14y ago | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability… | |||
| CVE-2013-0608 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |||
| CVE-2013-0607 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulner… | |||
| CVE-2013-0606 | critical | — | 10.0 | 14y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |||
| CVE-2013-0605 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2013-0604 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vul… | |||
| CVE-2013-0603 | critical | — | 10.0 | 14y ago | Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vul… | |||
| CVE-2013-0602 | critical | — | 10.0 | 14y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2013-0601 | critical | — | 10.0 | 14y ago | Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector… | |||
| CVE-2013-0011 | critical | — | 10.0 | 14y ago | The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr… | |||
| CVE-2013-10050 | high | 8.8 | 9.8 | 10mo ago | An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface … | |||
| CVE-2013-4366 | critical | 9.8 | 9.8 | 9y ago | Hostname verification in Apache HttpClient 4.3 was disabled by default | |||
| CVE-2013-6924 | critical | 9.8 | 9.8 | 9y ago | Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | |||
| CVE-2013-7429 | critical | 9.8 | 9.8 | 9y ago | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php. | |||
| CVE-2013-7426 | critical | 9.8 | 9.8 | 9y ago | Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | |||
| CVE-2013-0870 | critical | 9.8 | 9.8 | 9y ago | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | |||
| CVE-2013-6647 | critical | 9.8 | 9.8 | 9y ago | A use-after-free in AnimationController::endAnimationUpdate in Google Chrome. | |||
| CVE-2013-4659 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U an… | |||
| CVE-2013-7459 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv p… | |||
| CVE-2013-1430 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the u… | |||
| CVE-2013-7455 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that t… | |||
| CVE-2013-3632 | high | 8.8 | 9.8 | 12y ago | The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | |||
| CVE-2013-5017 | critical | 9.8 | 9.8 | 12y ago | SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2013-7137 | critical | 9.8 | 9.8 | 13y ago | The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1. | |||
| CVE-2013-6271 | high | — | 9.8 | 13y ago | Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.androi… | |||
| CVE-2013-6671 | critical | 9.8 | 9.8 | 13y ago | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary… | |||
| CVE-2013-5618 | critical | 9.8 | 9.8 | 13y ago | Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunder… | |||
| CVE-2013-5616 | critical | 9.8 | 9.8 | 13y ago | Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.2… | |||
| CVE-2013-5615 | critical | 9.8 | 9.8 | 13y ago | The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions o… | |||
| CVE-2013-5613 | critical | 9.8 | 9.8 | 13y ago | Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows … | |||
| CVE-2013-5609 | critical | 9.8 | 9.8 | 13y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to c… | |||
| CVE-2013-1465 | critical | 9.8 | 9.8 | 14y ago | The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrat… | |||
| CVE-2013-1591 | critical | 9.8 | 9.8 | 14y ago | Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resulta… | |||
| CVE-2013-0136 | high | — | 9.5 | 13y ago | Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi… | |||
| CVE-2013-6207 | critical | — | 9.4 | 12y ago | Unspecified vulnerability in the loadFileContents function in the SOAP implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote attackers to read arbitrary files or cause a denial of serv… | |||
| CVE-2013-3658 | critical | — | 9.4 | 13y ago | Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | |||
| CVE-2013-2352 | critical | — | 9.4 | 13y ago | LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for… | |||
| CVE-2013-0673 | critical | — | 9.4 | 13y ago | Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL. | |||
| CVE-2013-2645 | critical | — | 9.3 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for … | |||
| CVE-2013-2100 | critical | — | 9.3 | 12y ago | Gentoo Portage does not verify X.509 certificates from SSL servers | |||
| CVE-2013-6771 | critical | — | 9.3 | 12y ago | Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SP… | |||
| CVE-2013-7388 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed… | |||
| CVE-2013-3664 | critical | — | 9.3 | 12y ago | Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of… | |||
| CVE-2013-3662 | critical | — | 9.3 | 12y ago | Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-bas… | |||
| CVE-2013-3663 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed … | |||
| CVE-2013-2602 | critical | — | 9.3 | 12y ago | Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokens… | |||
| CVE-2013-0733 | critical | — | 9.3 | 12y ago | Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan hors… | |||
| CVE-2013-2298 | critical | — | 9.3 | 12y ago | Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler. | |||
| CVE-2013-2019 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. | |||
| CVE-2013-4772 | critical | — | 9.3 | 12y ago | D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. | |||
| CVE-2013-5660 | critical | — | 9.3 | 12y ago | Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. | |||
| CVE-2013-3930 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply. | |||
| CVE-2013-0729 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a … | |||
| CVE-2013-5365 | critical | — | 9.3 | 12y ago | Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compresse… | |||
| CVE-2013-0662 | critical | — | 9.3 | 12y ago | Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a … | |||
| CVE-2013-3481 | critical | — | 9.3 | 12y ago | Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file. |