CVEs from 2013
- Total: 5,731
- Critical: 917
- High: 949
- Medium: 3,166
- Low: 557
- % Critical: 16.0%
- % with KEV: 0.7%
- % with exploit: 0.9%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-1667 | high | — | 7.5 | 13y ago | The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. | |
| CVE-2013-0084 | high | — | 7.5 | 13y ago | Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user … | |
| CVE-2013-0080 | high | — | 7.5 | 13y ago | Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Call… | |
| CVE-2013-2615 | high | — | 7.5 | 13y ago | fastreader Gem for Ruby URI Handling Arbitrary Command Injection | |
| CVE-2013-2616 | high | — | 7.5 | 13y ago | MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection | |
| CVE-2013-2617 | high | — | 7.5 | 13y ago | Curl Gem insufficient URL escaping command injection | |
| CVE-2013-1081 | high | — | 7.5 | 13y ago | Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter. | |
| CVE-2013-2557 | high | — | 7.5 | 13y ago | The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vector… | |
| CVE-2013-2556 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, a… | |
| CVE-2013-2554 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own compe… | |
| CVE-2013-2552 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demo… | |
| CVE-2013-2550 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSe… | |
| CVE-2013-2549 | high | — | 7.5 | 13y ago | Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own … | |
| CVE-2013-0912 | high | — | 7.5 | 13y ago | WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion." | |
| CVE-2013-2496 | high | — | 7.5 | 13y ago | The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (… | |
| CVE-2013-2495 | high | — | 7.5 | 13y ago | The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a v… | |
| CVE-2013-0249 | high | — | 7.5 | 13y ago | Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows r… | |
| CVE-2013-1635 | high | — | 7.5 | 13y ago | ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers… | |
| CVE-2013-0911 | high | — | 7.5 | 13y ago | Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases. | |
| CVE-2013-0910 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier … | |
| CVE-2013-0908 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors. | |
| CVE-2013-0907 | high | — | 7.5 | 13y ago | Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media thread… | |
| CVE-2013-0906 | high | — | 7.5 | 13y ago | The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vecto… | |
| CVE-2013-0905 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animatio… | |
| CVE-2013-0904 | high | — | 7.5 | 13y ago | The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vecto… | |
| CVE-2013-0903 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling o… | |
| CVE-2013-0902 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact vi… | |
| CVE-2013-2277 | high | — | 7.5 | 13y ago | The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers t… | |
| CVE-2013-2276 | high | — | 7.5 | 13y ago | The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to … | |
| CVE-2013-2268 | high | — | 7.5 | 13y ago | Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack v… | |
| CVE-2013-0898 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unsp… | |
| CVE-2013-0896 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cau… | |
| CVE-2013-0895 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute … | |
| CVE-2013-0894 | high | — | 7.5 | 13y ago | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and L… | |
| CVE-2013-0892 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of servi… | |
| CVE-2013-0891 | high | — | 7.5 | 13y ago | Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified othe… | |
| CVE-2013-0890 | high | — | 7.5 | 13y ago | Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of servi… | |
| CVE-2013-0887 | high | — | 7.5 | 13y ago | The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected s… | |
| CVE-2013-0886 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | |
| CVE-2013-0885 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecif… | |
| CVE-2013-0882 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecifie… | |
| CVE-2013-0880 | high | — | 7.5 | 13y ago | Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unsp… | |
| CVE-2013-0879 | high | — | 7.5 | 13y ago | Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (m… | |
| CVE-2013-1756 | high | — | 7.5 | 14y ago | Dragonfly Code Injection vulnerability | |
| CVE-2013-0029 | high | 7.5 | 7.5 | 14y ago | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Interne… | |
| CVE-2013-1453 | high | — | 7.5 | 14y ago | plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary d… | |
| CVE-2013-0269 | high | — | 7.5 | 14y ago | The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mec… | |
| CVE-2013-0351 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, a… | |
| CVE-2013-0843 | high | — | 7.5 | 14y ago | content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to… | |
| CVE-2013-0841 | high | — | 7.5 | 14y ago | Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown… | |
| CVE-2013-0839 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of… | |
| CVE-2013-0209 | high | — | 7.5 | 14y ago | lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct e… | |
| CVE-2013-0359 | high | — | 7.5 | 14y ago | Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality… | |
| CVE-2013-0838 | high | — | 7.5 | 14y ago | Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors. | |
| CVE-2013-0837 | high | — | 7.5 | 14y ago | Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | |
| CVE-2013-0832 | high | — | 7.5 | 14y ago | Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing. | |
| CVE-2013-0831 | high | — | 7.5 | 14y ago | Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process. | |
| CVE-2013-0830 | high | — | 7.5 | 14y ago | The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors. | |
| CVE-2013-1801 | high | — | 7.5 | 14y ago | HTTParty does not restrict casts of string values | |
| CVE-2013-0175 | high | — | 7.5 | 14y ago | multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection a… | |
| CVE-2013-0285 | high | — | 7.5 | 14y ago | nori contains Improper Input Validation | |
| CVE-2013-1800 | high | — | 7.5 | 14y ago | The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause… | |
| CVE-2013-1802 | high | — | 7.5 | 14y ago | The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cau… | |
| CVE-2013-5009 | high | — | 7.4 | 13y ago | The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly pe… | |
| CVE-2013-2211 | high | — | 7.4 | 13y ago | The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest admi… | |
| CVE-2013-2072 | high | — | 7.4 | 13y ago | Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of ser… | |
| CVE-2013-1432 | high | — | 7.4 | 13y ago | Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (p… | |
| CVE-2013-1617 | high | — | 7.4 | 13y ago | Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands v… | |
| CVE-2013-1292 | high | 7.4 | 7.4 | 13y ago | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT… | |
| CVE-2013-1278 | high | 7.4 | 7.4 | 14y ago | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Serve… | |
| CVE-2013-7030 | high | 7.3 | 7.3 | 13y ago | The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discove… | |
| CVE-2013-2604 | high | — | 7.2 | 12y ago | RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows lo… | |
| CVE-2013-0347 | high | — | 7.2 | 12y ago | The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file. | |
| CVE-2013-2595 | high | — | 7.2 | 12y ago | The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other produ… | |
| CVE-2013-5467 | high | — | 7.2 | 12y ago | Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 throug… | |
| CVE-2013-6825 | high | — | 7.2 | 12y ago | (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and … | |
| CVE-2013-6208 | high | — | 7.2 | 12y ago | Unspecified vulnerability in HP Smart Update Manager 5.3.5 before build 70 on Linux allows local users to gain privileges via unknown vectors. | |
| CVE-2013-6441 | high | — | 7.2 | 13y ago | The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. | |
| CVE-2013-4738 | high | — | 7.2 | 13y ago | Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow a… | |
| CVE-2013-7135 | high | — | 7.2 | 13y ago | The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file. | |
| CVE-2013-5987 | high | — | 7.2 | 13y ago | Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. | |
| CVE-2013-2152 | high | — | 7.2 | 13y ago | Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspeci… | |
| CVE-2013-2151 | high | — | 7.2 | 13y ago | Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. | |
| CVE-2013-5011 | high | — | 7.2 | 13y ago | Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x befo… | |
| CVE-2013-6886 | high | — | 7.2 | 13y ago | RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | |
| CVE-2013-6182 | high | — | 7.2 | 13y ago | Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. | |
| CVE-2013-3709 | high | — | 7.2 | 13y ago | WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | |
| CVE-2013-6767 | high | — | 7.2 | 13y ago | Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE… | |
| CVE-2013-5416 | high | — | 7.2 | 13y ago | Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors. | |
| CVE-2013-5415 | high | — | 7.2 | 13y ago | Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors. | |
| CVE-2013-4587 | high | — | 7.2 | 13y ago | Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. | |
| CVE-2013-3907 | high | — | 7.2 | 13y ago | portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain pri… | |
| CVE-2013-3902 | high | — | 7.2 | 13y ago | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted… | |
| CVE-2013-3899 | high | — | 7.2 | 13y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted applicati… | |
| CVE-2013-4400 | high | — | 7.2 | 13y ago | virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. | |
| CVE-2013-1090 | high | — | 7.2 | 13y ago | The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges… | |
| CVE-2013-1813 | high | — | 7.2 | 13y ago | util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vector… | |
| CVE-2013-6831 | high | — | 7.2 | 13y ago | PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo com… | |
| CVE-2013-5972 | high | — | 7.2 | 13y ago | VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. | |
| CVE-2013-5148 | high | — | 7.2 | 13y ago | Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by… | |