CVEs from 2013
Total
5,740
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-7442 | critical | — | 10.0 | 11y ago | GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related t… | |
| CVE-2013-7405 | critical | — | 10.0 | 11y ago | The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear wheth… | |
| CVE-2013-7404 | critical | — | 10.0 | 11y ago | GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this passwo… | |
| CVE-2013-2603 | critical | — | 10.0 | 12y ago | The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allow… | |
| CVE-2013-2810 | critical | — | 10.0 | 12y ago | Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbi… | |
| CVE-2013-5755 | critical | — | 10.0 | 12y ago | config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) f… | |
| CVE-2013-6221 | critical | — | 10.0 | 12y ago | Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary file… | |
| CVE-2013-4099 | critical | — | 10.0 | 12y ago | Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1) alAuxiliaryEff… | |
| CVE-2013-4730 | critical | — | 10.0 | 12y ago | Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. | |
| CVE-2013-6218 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. | |
| CVE-2013-6213 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833. | |
| CVE-2013-4290 | critical | — | 10.0 | 12y ago | Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib… | |
| CVE-2013-4289 | critical | — | 10.0 | 12y ago | Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow. | |
| CVE-2013-7350 | critical | — | 10.0 | 12y ago | Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown… | |
| CVE-2013-2278 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unk… | |
| CVE-2013-6775 | critical | — | 10.0 | 12y ago | The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | |
| CVE-2013-6769 | critical | — | 10.0 | 12y ago | The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su. | |
| CVE-2013-6774 | critical | — | 10.0 | 12y ago | Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and … | |
| CVE-2013-6941 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell vi… | |
| CVE-2013-4977 | critical | — | 10.0 | 12y ago | Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service… | |
| CVE-2013-3712 | critical | — | 10.0 | 12y ago | SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. | |
| CVE-2013-4841 | critical | — | 10.0 | 12y ago | Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute … | |
| CVE-2013-6952 | critical | — | 10.0 | 12y ago | The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. | |
| CVE-2013-5400 | critical | — | 10.0 | 13y ago | An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local … | |
| CVE-2013-6490 | critical | — | 10.0 | 13y ago | The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. | |
| CVE-2013-6035 | critical | — | 10.0 | 13y ago | The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite termina… | |
| CVE-2013-6034 | critical | — | 10.0 | 13y ago | The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite termina… | |
| CVE-2013-6032 | critical | — | 10.0 | 13y ago | cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64… | |
| CVE-2013-1376 | critical | — | 10.0 | 13y ago | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability … | |
| CVE-2013-6838 | critical | — | 10.0 | 13y ago | An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH pri… | |
| CVE-2013-7248 | critical | — | 10.0 | 13y ago | Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, … | |
| CVE-2013-5667 | critical | — | 10.0 | 13y ago | The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. | |
| CVE-2013-6343 | critical | — | 10.0 | 13y ago | Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_f… | |
| CVE-2013-5986 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987. | |
| CVE-2013-0485 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. | |
| CVE-2013-3594 | critical | — | 10.0 | 13y ago | The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by … | |
| CVE-2013-2820 | critical | — | 10.0 | 13y ago | The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388. | |
| CVE-2013-5907 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and… | |
| CVE-2013-5034 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033. | |
| CVE-2013-5033 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034. | |
| CVE-2013-5032 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034. | |
| CVE-2013-5031 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034. | |
| CVE-2013-7282 | critical | — | 10.0 | 13y ago | The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Co… | |
| CVE-2013-6955 | critical | — | 10.0 | 13y ago | webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, an… | |
| CVE-2013-6884 | critical | — | 10.0 | 13y ago | The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. | |
| CVE-2013-6881 | critical | — | 10.0 | 13y ago | CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the … | |
| CVE-2013-6195 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. | |
| CVE-2013-6194 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. | |
| CVE-2013-2350 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897. | |
| CVE-2013-2349 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896. | |
| CVE-2013-2348 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892. | |
| CVE-2013-2347 | critical | — | 10.0 | 13y ago | The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port… | |
| CVE-2013-2346 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. | |
| CVE-2013-2345 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. | |
| CVE-2013-2344 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866. | |
| CVE-2013-6189 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code… | |
| CVE-2013-7217 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. | |
| CVE-2013-5946 | critical | — | 10.0 | 13y ago | The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-… | |
| CVE-2013-7105 | critical | — | 10.0 | 13y ago | Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, an… | |
| CVE-2013-7095 | critical | — | 10.0 | 13y ago | The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue. | |
| CVE-2013-2751 | critical | — | 10.0 | 13y ago | Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbit… | |
| CVE-2013-6810 | critical | — | 10.0 | 13y ago | The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote a… | |
| CVE-2013-5610 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and applicat… | |
| CVE-2013-5334 | critical | — | 10.0 | 13y ago | Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5… | |
| CVE-2013-5333 | critical | — | 10.0 | 13y ago | Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5… | |
| CVE-2013-3623 | critical | — | 10.0 | 13y ago | Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 gene… | |
| CVE-2013-6920 | critical | — | 10.0 | 13y ago | Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP tr… | |
| CVE-2013-5912 | critical | — | 10.0 | 13y ago | VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action. | |
| CVE-2013-0864 | critical | — | 10.0 | 13y ago | The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via cr… | |
| CVE-2013-4265 | critical | — | 10.0 | 13y ago | The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. | |
| CVE-2013-0873 | critical | — | 10.0 | 13y ago | The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses." | |
| CVE-2013-0872 | critical | — | 10.0 | 13y ago | The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, … | |
| CVE-2013-6822 | critical | — | 10.0 | 13y ago | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | |
| CVE-2013-4495 | critical | — | 10.0 | 13y ago | The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands vi… | |
| CVE-2013-2931 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. | |
| CVE-2013-5330 | critical | — | 10.0 | 13y ago | Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210… | |
| CVE-2013-5329 | critical | — | 10.0 | 13y ago | Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210… | |
| CVE-2013-5558 | critical | — | 10.0 | 13y ago | The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access… | |
| CVE-2013-6617 | critical | — | 10.0 | 13y ago | The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. | |
| CVE-2013-4437 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." | |
| CVE-2013-4838 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850. | |
| CVE-2013-4837 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832. | |
| CVE-2013-6345 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception." | |
| CVE-2013-5603 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey be… | |
| CVE-2013-5602 | critical | — | 10.0 | 13y ago | The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR … | |
| CVE-2013-5601 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thu… | |
| CVE-2013-5600 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1… | |
| CVE-2013-5599 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and … | |
| CVE-2013-5597 | critical | — | 10.0 | 13y ago | Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird… | |
| CVE-2013-5592 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |
| CVE-2013-5591 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a den… | |
| CVE-2013-5590 | critical | — | 10.0 | 13y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 1… | |
| CVE-2013-6288 | critical | — | 10.0 | 13y ago | Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize | |
| CVE-2013-6245 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to … | |
| CVE-2013-5446 | critical | — | 10.0 | 13y ago | The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. | |
| CVE-2013-6026 | critical | — | 10.0 | 13y ago | The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows re… | |
| CVE-2013-5843 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote atta… | |
| CVE-2013-5842 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… | |
| CVE-2013-5830 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40… | |
| CVE-2013-5829 | critical | — | 10.0 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… |