CVEs from 2013

Total: 5,740
- critical: 917
- high: 949
- medium: 3,166
- low: 557

% Critical: 16.0%
% with KEV: 0.7%
% with exploit: 0.8%

Top vendors

Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2013-3918 | unknown | — | 1.5 | 8mo ago | Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a sp… | |
| CVE-2013-3893 | unknown | — | 1.5 | 10mo ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users shoul… | |
| CVE-2013-0643 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. | |
| CVE-2013-0648 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | |
| CVE-2013-3163 | unknown | — | 1.5 | 3y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | |
| CVE-2013-6282 | unknown | — | 1.5 | 4y ago | The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory whi… | |
| CVE-2013-2596 | unknown | — | 1.5 | 4y ago | Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. | |
| CVE-2013-2597 | unknown | — | 1.5 | 4y ago | The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products s… | |
| CVE-2013-2094 | unknown | — | 1.5 | 4y ago | Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for pri… | |
| CVE-2013-1331 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document. | |
| CVE-2013-2423 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | |
| CVE-2013-0074 | unknown | — | 1.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application. | |
| CVE-2013-0422 | unknown | — | 1.5 | 4y ago | A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | |
| CVE-2013-3993 | unknown | — | 1.5 | 4y ago | Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | |
| CVE-2013-7331 | unknown | — | 1.5 | 4y ago | An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applicat… | |
| CVE-2013-0431 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | |
| CVE-2013-3896 | unknown | — | 1.5 | 4y ago | Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application. | |
| CVE-2013-2251 | unknown | — | 1.5 | 4y ago | Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | |
| CVE-2013-1690 | unknown | — | 1.5 | 4y ago | Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execu… | |
| CVE-2013-3660 | unknown | — | 1.5 | 4y ago | The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to ga… | |
| CVE-2013-2465 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related … | |
| CVE-2013-2551 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. | |
| CVE-2013-2729 | unknown | — | 1.5 | 4y ago | Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. | |
| CVE-2013-5223 | unknown | — | 1.5 | 4y ago | A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. | |
| CVE-2013-4810 | unknown | — | 1.5 | 4y ago | HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet … | |
| CVE-2013-0629 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. | |
| CVE-2013-0625 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. | |
| CVE-2013-0631 | unknown | — | 1.5 | 4y ago | Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. | |
| CVE-2013-0632 | unknown | — | 1.5 | 4y ago | An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access. | |
| CVE-2013-3346 | unknown | — | 1.5 | 4y ago | Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service. | |
| CVE-2013-0641 | unknown | — | 1.5 | 4y ago | A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. | |
| CVE-2013-1675 | unknown | — | 1.5 | 4y ago | Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive in… | |
| CVE-2013-0640 | unknown | — | 1.5 | 4y ago | A memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution. | |
| CVE-2013-1347 | unknown | — | 1.5 | 4y ago | This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. | |
| CVE-2013-5065 | unknown | — | 1.5 | 4y ago | Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. | |
| CVE-2013-3897 | unknown | — | 1.5 | 4y ago | A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code. | |
| CVE-2013-3906 | unknown | — | 1.5 | 4y ago | Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. | |
| CVE-2013-3900 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. | |
| CVE-2013-5123 | unknown | — | 1.0 | 4y ago | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |
| CVE-2013-2012 | unknown | — | — | — | autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | |
| CVE-2013-4090 | unknown | — | — | — | Varnish HTTP cache before 3.0.4: ACL bug | |
| CVE-2013-10031 | unknown | — | — | — | Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks | |
| CVE-2013-7098 | unknown | — | — | — | OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. | |
| CVE-2013-1820 | unknown | — | — | — | tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | |
| CVE-2013-20001 | unknown | — | — | — | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is all… | |
| CVE-2013-5594 | unknown | — | — | — | Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding | |
| CVE-2013-0194 | unknown | — | — | — | Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 an… | |
| CVE-2013-1424 | unknown | — | — | — | Buffer overflow vulnerability in matplotlib. This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | |
| CVE-2013-4441 | unknown | — | — | — | The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |
| CVE-2013-3718 | unknown | — | — | — | evince is missing a check on the number of pages, which can lead to a segmentation fault. | |
| CVE-2013-4166 | unknown | — | — | — | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email … | |
| CVE-2013-0180 | unknown | — | — | — | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. | |
| CVE-2013-2625 | unknown | — | — | — | An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking… | |
| CVE-2013-4088 | unknown | — | — | — | Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote atta… | |
| CVE-2013-3551 | unknown | — | — | — | Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2… | |
| CVE-2013-5743 | unknown | — | — | — | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | |
| CVE-2013-3738 | unknown | — | — | — | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | |
| CVE-2013-4168 | unknown | — | — | — | Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | |
| CVE-2013-4184 | unknown | — | — | — | Perl module Data::UUID from CPAN version 1.219 is vulnerable to symlink attacks. | |
| CVE-2013-7470 | unknown | — | — | — | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstr… | |
| CVE-2013-7490 | unknown | — | — | — | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. | |
| CVE-2013-6275 | unknown | — | — | — | Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | |
| CVE-2013-7469 | unknown | — | — | — | Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionar… | |
| CVE-2013-2738 | unknown | — | — | — | minidlna has SQL Injection that may allow retrieval of arbitrary files | |
| CVE-2013-2745 | unknown | — | — | — | An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 | |
| CVE-2013-2600 | unknown | — | — | — | MiniUPnPd has an information disclosure due to its use of snprintf(). | |
| CVE-2013-7087 | unknown | — | — | — | ClamAV before 0.97.7 has WWPack heap memory corruption. | |
| CVE-2013-4968 | unknown | — | — | — | Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspe… | |
| CVE-2013-7088 | unknown | — | — | — | ClamAV before 0.97.7 has buffer overflow in the libclamav component | |
| CVE-2013-2213 | unknown | — | — | — | The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent att… | |
| CVE-2013-2120 | unknown | — | — | — | The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass… | |
| CVE-2013-1425 | unknown | — | — | — | ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | |
| CVE-2013-0178 | unknown | — | — | — | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. | |
| CVE-2013-1753 | unknown | — | — | — | The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | |
| CVE-2013-4235 | unknown | — | — | — | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | |
| CVE-2013-1817 | unknown | — | — | — | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |
| CVE-2013-1951 | unknown | — | — | — | A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names. | |
| CVE-2013-6451 | unknown | — | — | — | Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |
| CVE-2013-2739 | unknown | — | — | — | MiniDLNA has a heap-based buffer overflow. | |
| CVE-2013-7351 | unknown | — | — | — | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDail… | |
| CVE-2013-0326 | unknown | — | — | — | OpenStack nova base image permissions are world-readable. | |
| CVE-2013-0195 | unknown | — | — | — | Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 an… | |
| CVE-2013-7203 | unknown | — | — | — | gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup. | |
| CVE-2013-7484 | unknown | — | — | — | Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |
| CVE-2013-0193 | unknown | — | — | — | Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 an… | |
| CVE-2013-1752 | unknown | — | — | — | | |
| CVE-2013-7325 | unknown | — | — | — | An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. | |
| CVE-2013-3564 | unknown | — | — | — | The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authen… | |
| CVE-2013-3565 | unknown | — | — | — | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command p… | |
| CVE-2013-2106 | unknown | — | — | — | webauth before 4.6.1 has authentication credential disclosure | |
| CVE-2013-2018 | unknown | — | — | — | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |
| CVE-2013-4451 | unknown | — | — | — | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/rep… | |
| CVE-2013-7464 | unknown | — | — | — | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatica… | |
| CVE-2013-2075 | unknown | — | — | — | Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening … | |
| CVE-2013-4535 | unknown | — | — | — | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | |
| CVE-2013-4412 | unknown | — | — | — | slim has a NULL pointer dereference when using the crypt() method from glibc 2.17. | |
| CVE-2013-6876 | unknown | — | — | — | The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and ea… | |
| CVE-2013-4158 | unknown | — | — | — | smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | |
| CVE-2013-4584 | unknown | — | — | — | Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server: ssl_outgoing_ciphers is not applied to STARTTLS connections. | |
| CVE-2013-2024 | unknown | — | — | — | OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. |