| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-7810 |
367 |
|
|
2019-11-22 |
2019-11-25 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files |
|
2 |
CVE-2013-7089 |
200 |
|
+Info |
2019-11-15 |
2019-11-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ClamAV before 0.97.7: dbg_printhex possible information leak |
|
3 |
CVE-2013-7088 |
120 |
|
Overflow |
2019-11-15 |
2019-11-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ClamAV before 0.97.7 has buffer overflow in the libclamav component |
|
4 |
CVE-2013-7087 |
119 |
|
Overflow |
2019-11-15 |
2019-11-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ClamAV before 0.97.7 has WWPack corrupt heap memory |
|
5 |
CVE-2013-6673 |
310 |
|
|
2013-12-11 |
2020-08-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. |
|
6 |
CVE-2013-6671 |
94 |
|
Exec Code |
2013-12-11 |
2020-08-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. |
|
7 |
CVE-2013-5618 |
416 |
|
Exec Code |
2013-12-11 |
2020-08-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. |
|
8 |
CVE-2013-5616 |
416 |
|
DoS Exec Code Mem. Corr. |
2013-12-11 |
2020-08-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. |
|
9 |
CVE-2013-5615 |
|
|
|
2013-12-11 |
2020-08-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. |
|
10 |
CVE-2013-5613 |
416 |
|
DoS Exec Code Mem. Corr. |
2013-12-11 |
2020-08-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. |
|
11 |
CVE-2013-5610 |
787 |
|
DoS Exec Code Mem. Corr. |
2013-12-11 |
2020-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
12 |
CVE-2013-5609 |
|
|
DoS Exec Code Mem. Corr. |
2013-12-11 |
2020-08-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
13 |
CVE-2013-4854 |
|
|
DoS |
2013-07-29 |
2019-04-22 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. |
|
14 |
CVE-2013-4752 |
79 |
|
XSS |
2020-01-02 |
2020-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. |
|
15 |
CVE-2013-4751 |
20 |
|
|
2019-11-01 |
2019-11-06 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
php-symfony2-Validator has loss of information during serialization |
|
16 |
CVE-2013-4589 |
|
|
DoS |
2013-11-23 |
2016-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. |
|
17 |
CVE-2013-4572 |
384 |
|
|
2020-02-06 |
2020-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. |
|
18 |
CVE-2013-4550 |
310 |
|
|
2013-12-24 |
2014-01-04 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268. |
|
19 |
CVE-2013-4411 |
863 |
|
|
2019-12-03 |
2019-12-11 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Review Board: URL processing gives unauthorized users access to review lists |
|
20 |
CVE-2013-4410 |
863 |
|
|
2019-12-02 |
2019-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ReviewBoard: has an access-control problem in REST API |
|
21 |
CVE-2013-4409 |
20 |
|
|
2019-11-04 |
2019-11-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. |
|
22 |
CVE-2013-4357 |
120 |
|
DoS |
2019-12-31 |
2020-01-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
|
23 |
CVE-2013-4345 |
189 |
|
|
2013-10-10 |
2019-04-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. |
|
24 |
CVE-2013-4251 |
269 |
|
|
2019-11-04 |
2019-11-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. |
|
25 |
CVE-2013-4168 |
79 |
|
XSS |
2019-11-01 |
2020-08-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. |
|
26 |
CVE-2013-4161 |
269 |
|
|
2019-12-31 |
2021-06-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. |
|
27 |
CVE-2013-4158 |
79 |
|
XSS |
2019-12-11 |
2019-12-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) |
|
28 |
CVE-2013-4124 |
189 |
|
DoS Overflow |
2013-08-06 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. |
|
29 |
CVE-2013-2207 |
264 |
|
|
2013-10-09 |
2017-07-01 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. |
|
30 |
CVE-2013-2191 |
20 |
|
|
2014-02-08 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. |
|
31 |
CVE-2013-2139 |
119 |
|
DoS Overflow |
2014-01-16 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. |
|
32 |
CVE-2013-2032 |
264 |
|
Bypass |
2013-11-18 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. |
|
33 |
CVE-2013-1931 |
79 |
|
XSS |
2019-10-31 |
2019-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. |
|
34 |
CVE-2013-1930 |
20 |
|
|
2019-10-31 |
2019-11-07 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. |
|
35 |
CVE-2013-1915 |
611 |
|
DoS |
2013-04-25 |
2021-02-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. |
|
36 |
CVE-2013-1895 |
307 |
|
Bypass |
2020-01-28 |
2020-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. |
|
37 |
CVE-2013-1888 |
59 |
|
|
2013-08-17 |
2021-03-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. |
|
38 |
CVE-2013-1830 |
264 |
|
+Info |
2013-03-25 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. |
|
39 |
CVE-2013-1817 |
200 |
|
+Info |
2019-11-20 |
2019-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. |
|
40 |
CVE-2013-1816 |
20 |
|
DoS |
2019-11-20 |
2019-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. |
|
41 |
CVE-2013-1812 |
399 |
|
DoS |
2013-12-12 |
2013-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. |
|
42 |
CVE-2013-1437 |
74 |
|
Exec Code |
2020-01-28 |
2020-02-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. |
|
43 |
CVE-2013-1416 |
476 |
|
DoS |
2013-04-19 |
2021-02-02 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. |
|
44 |
CVE-2013-0348 |
264 |
|
+Info |
2013-12-13 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. |
|
45 |
CVE-2013-0294 |
330 |
|
+Info |
2020-01-28 |
2020-01-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. |
|
46 |
CVE-2013-0237 |
79 |
|
XSS |
2013-07-08 |
2013-07-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
|
47 |
CVE-2013-0211 |
189 |
|
DoS Overflow |
2013-09-30 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. |
|
48 |
CVE-2013-0170 |
416 |
|
DoS Exec Code |
2013-02-08 |
2020-10-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. |
|
49 |
CVE-2013-0159 |
59 |
|
DoS |
2018-05-01 |
2018-06-13 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. |
|
50 |
CVE-2012-6075 |
120 |
|
DoS Exec Code Overflow |
2013-02-13 |
2020-08-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. |
