All CVEs — 2013 (Page 2/25)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2013-12-18

Medium

CVE-2013-5225

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft…

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-5199

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-5198

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-5197

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-5196

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-5195

CVSS: 6.8 CWE: CWE-119

2013-12-17

Medium

CVE-2013-7129

Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6883

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2013-6882

Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the u…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6733

Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML vi…

CVSS: 4.3 CWE: CWE-79

Low

CVE-2013-6721

Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2013-6327

Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6038

Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code via a crafted .SKP file.

CVSS: 6.8 CWE: CWE-119

Medium

CVE-2013-2816

The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line.

CVSS: 4.7 CWE: CWE-20

High

CVE-2013-2814

Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors.

CVSS: 7.1 CWE: CWE-20

High

CVE-2013-2813

The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows remote attackers to cause a denial of service (reboot or link outage) via a crafted DNP3 TCP packet.

CVSS: 7.1 CWE: CWE-20

Medium

CVE-2013-6966

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.

CVSS: 5.8 CWE: CWE-20

High

CVE-2013-6926

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (…

CVSS: 8.0 CWE: CWE-863

High

CVE-2013-6925

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.

CVSS: 8.3 CWE: CWE-330

High

CVE-2013-6420

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509…

CVSS: 7.5 CWE: CWE-119

Medium

CVE-2013-6192

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2013-6191

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

2013-12-14

Medium

CVE-2013-6973

Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2013-6972

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2013-6971

CVSS: 5.8 CWE: CWE-20

Medium

CVE-2013-6970

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2013-6969

The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990.

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2013-6968

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a seri…

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2013-6967

Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified v…

CVSS: 5.8 CWE: CWE-20

Medium

CVE-2013-6963

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCu…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6962

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6961

Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6960

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6959

Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557.

CVSS: 5.8 CWE: CWE-20

Medium

CVE-2013-6711

Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-6710

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2013-6709

The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join…

CVSS: 5.0 CWE: CWE-200

Medium

CVE-2013-5438

Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-4845

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-4001

Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.

CVSS: 4.3 CWE: CWE-287

Medium

CVE-2013-4000

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start o…

CVSS: 6.8 CWE: CWE-352

Low

CVE-2013-3043

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v…

CVSS: 2.1 CWE: CWE-22

Low

CVE-2013-3042

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via v…

CVSS: 2.1 CWE: CWE-22

Critical

CVE-2013-7105

Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, an…

CVSS: 10.0 CWE: CWE-119

Medium

CVE-2013-6368

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end addre…

CVSS: 6.2 CWE: CWE-20

High

CVE-2013-4587

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.

CVSS: 7.2 CWE: CWE-20

Critical

CVE-2013-7104

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this iss…

CVSS: 9.0 CWE: CWE-78

Critical

CVE-2013-7103

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. N…

CVSS: 9.0 CWE: CWE-78

Medium

CVE-2013-7085

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.

CVSS: 5.8 CWE: CWE-20

Medium

CVE-2013-7069

ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.

CVSS: 6.8 CWE: CWE-94

Medium

CVE-2013-6411

The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outsi…

CVSS: 5.0 CWE: CWE-119

Medium

CVE-2013-6391

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to…

CVSS: 5.8 CWE: CWE-269

Medium

CVE-2013-5107

Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to…

CVSS: 5.0 CWE: CWE-22

Medium

CVE-2013-1364

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.

CVSS: 5.0 CWE: CWE-287

2013-12-13

High

CVE-2013-7096

Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89

High

CVE-2013-7094

SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2013-7093

SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors.

CVSS: 5.0 CWE: CWE-287

Medium

CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a d…

CVSS: 5.1 CWE: CWE-119

Medium

CVE-2013-7038

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an…

CVSS: 6.4 CWE: CWE-119

Medium

CVE-2013-6809

Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remo…

CVSS: 5.0 CWE: CWE-134

Medium

CVE-2013-6359

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.

CVSS: 4.3 CWE: CWE-20

Medium

CVE-2013-6048

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process)…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2013-7092

Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) eve…

CVSS: 6.5 CWE: CWE-89

Medium

CVE-2013-7091

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (…

CVSS: 5.0 CWE: CWE-22

Medium

CVE-2013-7050

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a direc…

CVSS: 6.8 CWE: CWE-94

Medium

CVE-2013-6957

Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web serve…

CVSS: 4.3 CWE: CWE-79

Low

CVE-2013-6956

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4…

CVSS: 2.1 CWE: CWE-79

Medium

CVE-2013-4569

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attacker…

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2012-5394

Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authenti…

CVSS: 6.8 CWE: CWE-352

High

CVE-2013-6839

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2013-6005

Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button.

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2013-4988

Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details ar…

CVSS: 9.3 CWE: CWE-119

2013-12-12

High

CVE-2013-6421

The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) pa…

CVSS: 7.5 CWE: CWE-94

High

CVE-2013-6054

Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.

CVSS: 7.5 CWE: CWE-119

Medium

CVE-2013-6052

OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

CVSS: 5.0 CWE: CWE-200

High

CVE-2013-6045

Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 7.5 CWE: CWE-119

Medium

CVE-2013-4458

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (cra…

CVSS: 5.0 CWE: CWE-119

Medium

CVE-2013-2752

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication…

CVSS: 6.8 CWE: CWE-352

Critical

CVE-2013-2751

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbit…

CVSS: 10.0 CWE: CWE-94

Medium

CVE-2013-1978

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and po…

CVSS: 6.8 CWE: CWE-787

Medium

CVE-2013-1913

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of s…

CVSS: 6.8 CWE: CWE-190

Critical

CVE-2013-6810

The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote a…

CVSS: 10.0 CWE: CWE-94

2013-12-11

Medium

CVE-2013-6672

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

CVSS: 4.3 CWE: CWE-200

Critical

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary…

CVSS: 9.8 CWE: CWE-94

High

CVE-2013-5619

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-…

CVSS: 7.5 CWE: CWE-190

Critical

CVE-2013-5618

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunder…

CVSS: 9.8 CWE: CWE-416

Critical

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.2…

CVSS: 9.8 CWE: CWE-416

Medium

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attacker…

CVSS: 4.3 CWE: CWE-1021

Critical

CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows…

CVSS: 9.8 CWE: CWE-416

Medium

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Orig…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and applicat…

CVSS: 10.0 CWE: CWE-787

Critical

CVE-2013-5334

Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2013-5333

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2013-5332

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380…

CVSS: 9.3 CWE: CWE-94

Critical

CVE-2013-5331

CVSS: 9.3 CWE: CWE-94

Medium

CVE-2013-5072

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-5059

Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabiliti…

CVSS: 6.8 CWE: CWE-94

Medium

CVE-2013-5058

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,…

CVSS: 6.9 CWE: CWE-190

Critical

CVE-2013-5056

Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…

CVSS: 9.3 CWE: CWE-416

Medium

CVE-2013-5054

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in…

CVSS: 4.3 CWE: CWE-200

Critical

CVE-2013-5052

Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-5051

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-5049

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-5048

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119

Critical

CVE-2013-5047

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2013-5046

Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, a…

CVSS: 6.2 CWE: CWE-20

Medium

CVE-2013-5045

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka…

CVSS: 6.2 CWE: CWE-20

Medium

CVE-2013-5042

Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbit…

CVSS: 4.3 CWE: CWE-79

High

CVE-2013-3907

portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain pri…

CVSS: 7.2 CWE: CWE-119

Medium

CVE-2013-3903

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot…

CVSS: 4.7 CWE: CWE-20

Medium

CVE-2013-3900

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCh…

CVSS: 5.5 CWE: CWE-347

High

CVE-2013-3899

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted applicati…

CVSS: 7.2 CWE: CWE-20

Medium

CVE-2013-3878

Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port…

CVSS: 6.9 CWE: CWE-119

2013-12-10

High

CVE-2013-7043

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of adminis…

CVSS: 8.3 CWE: CWE-352

Low

CVE-2013-5404

Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational T…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2012-3047

Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecifi…

CVSS: 4.3 CWE: CWE-79

Low

CVE-2013-6237

The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copi…

CVSS: 3.5 CWE: CWE-200

Medium

CVE-2013-6224

Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) uns…

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2013-3623

Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 gene…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2013-3622

Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users…

CVSS: 9.0 CWE: CWE-119