CVEs from 2013
Total
5,733
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.0%
% with KEV
0.7%
% with exploit
0.9%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-6439 | critical | — | 9.3 | 13y ago | Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vector… | |
| CVE-2013-7186 | critical | — | 9.3 | 13y ago | Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file. | |
| CVE-2013-7136 | critical | — | 9.3 | 13y ago | The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a br… | |
| CVE-2013-6877 | critical | — | 9.3 | 13y ago | Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TR… | |
| CVE-2013-3140 | critical | — | 9.3 | 13y ago | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet … | |
| CVE-2013-4988 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details ar… | |
| CVE-2013-5332 | critical | — | 9.3 | 13y ago | Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380… | |
| CVE-2013-5331 | critical | — | 9.3 | 13y ago | Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380… | |
| CVE-2013-5056 | critical | — | 9.3 | 13y ago | Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1… | |
| CVE-2013-5052 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |
| CVE-2013-5051 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |
| CVE-2013-5049 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup… | |
| CVE-2013-5048 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-5047 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-0859 | critical | — | 9.3 | 13y ago | The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an… | |
| CVE-2013-0858 | critical | — | 9.3 | 13y ago | The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer tha… | |
| CVE-2013-0857 | critical | — | 9.3 | 13y ago | The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data. | |
| CVE-2013-0856 | critical | — | 9.3 | 13y ago | The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_s… | |
| CVE-2013-0855 | critical | — | 9.3 | 13y ago | Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Los… | |
| CVE-2013-0854 | critical | — | 9.3 | 13y ago | The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. | |
| CVE-2013-0853 | critical | — | 9.3 | 13y ago | The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array ac… | |
| CVE-2013-0852 | critical | — | 9.3 | 13y ago | The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array acc… | |
| CVE-2013-0851 | critical | — | 9.3 | 13y ago | The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-boun… | |
| CVE-2013-0850 | critical | — | 9.3 | 13y ago | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. | |
| CVE-2013-0849 | critical | — | 9.3 | 13y ago | The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multi… | |
| CVE-2013-0848 | critical | — | 9.3 | 13y ago | The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and th… | |
| CVE-2013-0847 | critical | — | 9.3 | 13y ago | The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access. | |
| CVE-2013-0846 | critical | — | 9.3 | 13y ago | Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-… | |
| CVE-2013-0845 | critical | — | 9.3 | 13y ago | libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. | |
| CVE-2013-0844 | critical | — | 9.3 | 13y ago | Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-b… | |
| CVE-2013-6935 | critical | — | 9.3 | 13y ago | Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file. | |
| CVE-2013-6874 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file. | |
| CVE-2013-5458 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2013-5457 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2013-5456 | critical | — | 9.3 | 13y ago | The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to des… | |
| CVE-2013-0869 | critical | — | 9.3 | 13y ago | The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bou… | |
| CVE-2013-0868 | critical | — | 9.3 | 13y ago | libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from th… | |
| CVE-2013-0867 | critical | — | 9.3 | 13y ago | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafte… | |
| CVE-2013-0866 | critical | — | 9.3 | 13y ago | The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, … | |
| CVE-2013-0865 | critical | — | 9.3 | 13y ago | The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in We… | |
| CVE-2013-0863 | critical | — | 9.3 | 13y ago | Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video d… | |
| CVE-2013-0862 | critical | — | 9.3 | 13y ago | Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts… | |
| CVE-2013-0878 | critical | — | 9.3 | 13y ago | The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access. | |
| CVE-2013-0877 | critical | — | 9.3 | 13y ago | The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related… | |
| CVE-2013-0876 | critical | — | 9.3 | 13y ago | Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts … | |
| CVE-2013-0875 | critical | — | 9.3 | 13y ago | The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array… | |
| CVE-2013-0874 | critical | — | 9.3 | 13y ago | The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds… | |
| CVE-2013-6820 | critical | — | 9.3 | 13y ago | Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via un… | |
| CVE-2013-6632 | critical | — | 9.3 | 13y ago | Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated durin… | |
| CVE-2013-5990 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; I… | |
| CVE-2013-3940 | critical | — | 9.3 | 13y ago | Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, … | |
| CVE-2013-3917 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-3916 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-3915 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-3914 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-3912 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-3911 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio… | |
| CVE-2013-3910 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup… | |
| CVE-2013-1325 | critical | — | 9.3 | 13y ago | Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnera… | |
| CVE-2013-1324 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) fil… | |
| CVE-2013-0082 | critical | — | 9.3 | 13y ago | Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability." | |
| CVE-2013-3626 | critical | — | 9.3 | 13y ago | Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a cr… | |
| CVE-2013-4436 | critical | — | 9.3 | 13y ago | The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle … | |
| CVE-2013-5604 | critical | — | 9.3 | 13y ago | The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x bef… | |
| CVE-2013-6014 | critical | 9.3 | 9.3 | 13y ago | Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 1… | |
| CVE-2013-6021 | critical | — | 9.3 | 13y ago | Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. | |
| CVE-2013-5850 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… | |
| CVE-2013-5846 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related… | |
| CVE-2013-5844 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t… | |
| CVE-2013-5838 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors… | |
| CVE-2013-5832 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availab… | |
| CVE-2013-5810 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |
| CVE-2013-5806 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors r… | |
| CVE-2013-5805 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors r… | |
| CVE-2013-5777 | critical | — | 9.3 | 13y ago | Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and avail… | |
| CVE-2013-5325 | critical | — | 9.3 | 13y ago | Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document. | |
| CVE-2013-3892 | critical | — | 9.3 | 13y ago | Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability." | |
| CVE-2013-3891 | critical | — | 9.3 | 13y ago | Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability." | |
| CVE-2013-3890 | critical | — | 9.3 | 13y ago | Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulner… | |
| CVE-2013-3889 | critical | — | 9.3 | 13y ago | Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Servic… | |
| CVE-2013-3886 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio… | |
| CVE-2013-3885 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |
| CVE-2013-3882 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |
| CVE-2013-3875 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption… | |
| CVE-2013-3874 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |
| CVE-2013-3873 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |
| CVE-2013-3872 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |
| CVE-2013-3871 | critical | — | 9.3 | 13y ago | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |
| CVE-2013-3128 | critical | — | 9.3 | 13y ago | The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows… | |
| CVE-2013-2808 | critical | — | 9.3 | 13y ago | Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management … | |
| CVE-2013-3248 | critical | — | 9.3 | 13y ago | Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a director… | |
| CVE-2013-0742 | critical | — | 9.3 | 13y ago | Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS f… | |
| CVE-2013-5139 | critical | — | 9.3 | 13y ago | The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | |
| CVE-2013-1035 | critical | — | 9.3 | 13y ago | The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |
| CVE-2013-1738 | critical | — | 9.3 | 13y ago | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary … | |
| CVE-2013-1735 | critical | — | 9.3 | 13y ago | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17… | |
| CVE-2013-1732 | critical | — | 9.3 | 13y ago | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey … | |
| CVE-2013-1724 | critical | — | 9.3 | 13y ago | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote att… | |
| CVE-2013-1722 | critical | — | 9.3 | 13y ago | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thun… | |
| CVE-2013-1721 | critical | — | 9.3 | 13y ago | Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote … |