CVEs from 2013
Total
5,695
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
3.5%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4115 | high | — | 7.5 | 13y ago | Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server ter… | |||
| CVE-2013-4789 | high | — | 7.5 | 13y ago | SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php. | |||
| CVE-2013-4742 | high | — | 7.5 | 13y ago | Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. | |||
| CVE-2013-4147 | high | — | 7.5 | 13y ago | Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via f… | |||
| CVE-2013-4203 | high | — | 7.5 | 13y ago | rgpg Code Injection vulnerability | |||
| CVE-2013-2220 | high | — | 7.5 | 13y ago | Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code vi… | |||
| CVE-2013-2886 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2885 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly co… | |||
| CVE-2013-2884 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors … | |||
| CVE-2013-2883 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the re… | |||
| CVE-2013-2882 | high | — | 7.5 | 13y ago | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2013-4953 | high | — | 7.5 | 13y ago | SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||
| CVE-2013-4952 | high | — | 7.5 | 13y ago | SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2013-4948 | high | — | 7.5 | 13y ago | SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter. | |||
| CVE-2013-4947 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors. | |||
| CVE-2013-4945 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) T… | |||
| CVE-2013-4801 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736. | |||
| CVE-2013-4797 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690. | |||
| CVE-2013-2369 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670. | |||
| CVE-2013-2249 | high | — | 7.5 | 13y ago | mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses… | |||
| CVE-2013-2165 | high | — | 7.5 | 13y ago | Remote code execution due to insecure deserialization | |||
| CVE-2013-4870 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4878 | high | — | 7.5 | 13y ago | The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote … | |||
| CVE-2013-1606 | high | — | 7.5 | 13y ago | Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE… | |||
| CVE-2013-3404 | high | — | 7.5 | 13y ago | SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discove… | |||
| CVE-2013-3779 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2013-3577 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$Te… | |||
| CVE-2013-2351 | high | — | 7.5 | 13y ago | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vecto… | |||
| CVE-2013-1768 | high | — | 7.5 | 13y ago | Deserialization of Untrusted Data in Apache OpenJPA | |||
| CVE-2013-2880 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2873 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP statu… | |||
| CVE-2013-2871 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2013-2867 | high | — | 7.5 | 13y ago | Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. | |||
| CVE-2013-2118 | high | — | 7.5 | 13y ago | SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php. | |||
| CVE-2013-4748 | high | — | 7.5 | 13y ago | News system (news) extension for TYPO3 vulnerable to SQL Injection | |||
| CVE-2013-4745 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3926 | high | — | 7.5 | 13y ago | Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue,… | |||
| CVE-2013-4734 | high | — | 7.5 | 13y ago | dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier f… | |||
| CVE-2013-3651 | high | — | 7.5 | 13y ago | LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormPara… | |||
| CVE-2013-4091 | high | — | 7.5 | 13y ago | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp … | |||
| CVE-2013-4721 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4720 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4719 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-1694 | high | — | 7.5 | 13y ago | The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack … | |||
| CVE-2013-4683 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4682 | high | — | 7.5 | 13y ago | Multishop extension for TYPO3 has SQL Injection vulnerability | |||
| CVE-2013-4681 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-4613 | high | — | 7.5 | 13y ago | The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remo… | |||
| CVE-2013-4634 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified v… | |||
| CVE-2013-4622 | high | — | 7.5 | 13y ago | The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within … | |||
| CVE-2013-2461 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middlewa… | |||
| CVE-2013-2442 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, inte… | |||
| CVE-2013-3958 | high | — | 7.5 | 13y ago | The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for … | |||
| CVE-2013-3957 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to e… | |||
| CVE-2013-2865 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-2864 | high | — | 7.5 | 13y ago | The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2013-2862 | high | — | 7.5 | 13y ago | Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspeci… | |||
| CVE-2013-2861 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown… | |||
| CVE-2013-2860 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a dat… | |||
| CVE-2013-2859 | high | — | 7.5 | 13y ago | Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | |||
| CVE-2013-2858 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via… | |||
| CVE-2013-2857 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling o… | |||
| CVE-2013-2856 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling o… | |||
| CVE-2013-2854 | high | — | 7.5 | 13y ago | Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly h… | |||
| CVE-2013-3735 | high | 7.5 | 7.5 | 13y ago | The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (mem… | |||
| CVE-2013-3721 | high | — | 7.5 | 13y ago | SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter. | |||
| CVE-2013-2956 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands v… | |||
| CVE-2013-3634 | high | — | 7.5 | 13y ago | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch… | |||
| CVE-2013-2846 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vector… | |||
| CVE-2013-2845 | high | — | 7.5 | 13y ago | The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vector… | |||
| CVE-2013-2844 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified … | |||
| CVE-2013-2843 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2013-2842 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2013-2841 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |||
| CVE-2013-2840 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vector… | |||
| CVE-2013-2839 | high | — | 7.5 | 13y ago | Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly… | |||
| CVE-2013-2837 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown … | |||
| CVE-2013-2836 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-1337 | high | — | 7.5 | 13y ago | Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTP… | |||
| CVE-2013-3537 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter. | |||
| CVE-2013-3536 | high | — | 7.5 | 13y ago | SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via t… | |||
| CVE-2013-3533 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3532 | high | — | 7.5 | 13y ago | SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. | |||
| CVE-2013-3531 | high | — | 7.5 | 13y ago | SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. | |||
| CVE-2013-3530 | high | — | 7.5 | 13y ago | SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter. | |||
| CVE-2013-3528 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection." | |||
| CVE-2013-3527 | high | — | 7.5 | 13y ago | Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or… | |||
| CVE-2013-3525 | high | — | 7.5 | 13y ago | SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor dispute… | |||
| CVE-2013-3524 | high | — | 7.5 | 13y ago | SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: … | |||
| CVE-2013-3523 | high | — | 7.5 | 13y ago | SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | |||
| CVE-2013-3522 | medium | — | 7.5 | 13y ago | SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the no… | |||
| CVE-2013-0684 | high | — | 7.5 | 13y ago | SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-3506 | high | — | 7.5 | 13y ago | cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary comman… | |||
| CVE-2013-3502 | medium | — | 7.5 | 13y ago | monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by lev… | |||
| CVE-2013-3500 | high | — | 7.5 | 13y ago | The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attacke… | |||
| CVE-2013-3499 | high | — | 7.5 | 13y ago | GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted he… | |||
| CVE-2013-3266 | high | — | 7.5 | 13y ago | The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows… | |||
| CVE-2013-1428 | medium | — | 7.5 | 13y ago | Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or po… | |||
| CVE-2013-1969 | high | — | 7.5 | 13y ago | Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code v… | |||
| CVE-2013-1915 | high | — | 7.5 | 13y ago | ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity … |