All CVEs — 2013 (Page 22/25)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2013-02-24

Critical

CVE-2013-0113

Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.

CVSS: 9.3 CWE: CWE-119

Medium

CVE-2013-0108

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M)…

CVSS: 6.8 CWE: CWE-94

Critical

CVE-2012-6275

Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the…

CVSS: 10.0 CWE: CWE-119

Medium

CVE-2012-6274

BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.

CVSS: 5.0 CWE: CWE-287

High

CVE-2012-6273

SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request.

CVSS: 7.5 CWE: CWE-89

Critical

CVE-2012-4708

Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2012-4707

3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.

CVSS: 10.0 CWE: CWE-94

Critical

CVE-2012-4705

Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.

CVSS: 10.0 CWE: CWE-22

Critical

CVE-2012-4704

Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.

CVSS: 10.0 CWE: CWE-20

Critical

CVE-2013-0804

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecif…

CVSS: 10.0 CWE: CWE-78

Critical

CVE-2012-0439

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the Set…

CVSS: 9.3 CWE: CWE-94

2013-02-23

Medium

CVE-2013-0900

Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers…

CVSS: 6.8 CWE: CWE-362

Medium

CVE-2013-0899

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and…

CVSS: 5.0 CWE: CWE-190

High

CVE-2013-0898

Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unsp…

CVSS: 7.5 CWE: CWE-416

Medium

CVE-2013-0897

Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a cr…

CVSS: 4.3 CWE: CWE-193

High

CVE-2013-0896

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cau…

CVSS: 7.5 CWE: CWE-119

High

CVE-2013-0895

Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute…

CVSS: 7.5 CWE: CWE-22

High

CVE-2013-0894

Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and L…

CVSS: 7.5 CWE: CWE-120

Medium

CVE-2013-0893

Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other…

CVSS: 6.8 CWE: CWE-362

High

CVE-2013-0891

Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified othe…

CVSS: 7.5 CWE: CWE-190

High

CVE-2013-0890

Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of servi…

CVSS: 7.5 CWE: CWE-787

Medium

CVE-2013-0889

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might m…

CVSS: 6.8 CWE: CWE-863

Medium

CVE-2013-0888

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors rel…

CVSS: 5.0 CWE: CWE-125

High

CVE-2013-0887

The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected s…

CVSS: 7.5 CWE: CWE-732

High

CVE-2013-0885

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecif…

CVSS: 7.5 CWE: CWE-732

Medium

CVE-2013-0883

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspe…

CVSS: 5.0 CWE: CWE-787

High

CVE-2013-0882

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecifie…

CVSS: 7.5 CWE: CWE-416

Medium

CVE-2013-0881

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Ma…

CVSS: 5.0 CWE: CWE-787

High

CVE-2013-0880

CVSS: 7.5 CWE: CWE-416

High

CVE-2013-0879

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (m…

CVSS: 7.5 CWE: CWE-787

2013-02-22

High

CVE-2012-6326

VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and vCSA 5.0 before Update 2, allows remote attackers to cause a denial of service (disk consumption) via vectors that trigger large…

CVSS: 7.8 CWE: CWE-119

Medium

CVE-2013-0730

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to app…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-0310

The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have u…

CVSS: 6.6 CWE: CWE-119

Medium

CVE-2013-0309

arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial o…

CVSS: 4.7 CWE: CWE-119

Medium

CVE-2012-5536

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase,…

CVSS: 6.2 CWE: CWE-20

2013-02-21

Low

CVE-2013-0478

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2013-0477

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product…

CVSS: 6.0 CWE: CWE-79

2013-02-20

Low

CVE-2013-0466

Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject…

CVSS: 2.6 CWE: CWE-79

Low

CVE-2013-0457

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitr…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2012-5953

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2, when the Parse Query Strings option is enabled on an HTTPInput node, allows remote attackers to cause a d…

CVSS: 4.3 CWE: CWE-119

Medium

CVE-2012-5952

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security oper…

CVSS: 5.0 CWE: CWE-287

Low

CVE-2012-5941

Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks,…

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2012-5940

The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication pro…

CVSS: 4.3 CWE: CWE-287

Medium

CVE-2012-5763

Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims…

CVSS: 6.8 CWE: CWE-352

Low

CVE-2012-5762

Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vector…

CVSS: 3.5 CWE: CWE-79

Low

CVE-2012-5761

CVSS: 3.5 CWE: CWE-79

Medium

CVE-2012-5760

SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS: 6.5 CWE: CWE-89

Medium

CVE-2012-3328

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2012-3327

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Ser…

CVSS: 4.3 CWE: CWE-79

Low

CVE-2012-3322

CVSS: 3.5 CWE: CWE-79

Low

CVE-2012-3316

Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asse…

CVSS: 3.5 CWE: CWE-79

2013-02-19

Medium

CVE-2013-1125

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Con…

CVSS: 6.8 CWE: CWE-20

Critical

CVE-2013-0782

Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before…

CVSS: 9.3 CWE: CWE-787

Critical

CVE-2013-0781

Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitra…

CVSS: 9.3 CWE: CWE-416

Critical

CVE-2013-0780

Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x befo…

CVSS: 9.3 CWE: CWE-416

Critical

CVE-2013-0779

The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial o…

CVSS: 9.3 CWE: CWE-125

Critical

CVE-2013-0778

The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of s…

CVSS: 9.3 CWE: CWE-125

Critical

CVE-2013-0777

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arb…

CVSS: 9.3 CWE: CWE-416

Medium

CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the ad…

CVSS: 4.0 CWE: CWE-295

Critical

CVE-2013-0775

Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x bef…

CVSS: 9.3 CWE: CWE-416

Medium

CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory…

CVSS: 5.8 CWE: CWE-119

Medium

CVE-2013-0290

The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of…

CVSS: 4.9 CWE: CWE-20

High

CVE-2012-6354

The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets.

CVSS: 7.5 CWE: CWE-287

2013-02-18

Medium

CVE-2012-6533

Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.

CVSS: 4.4 CWE: CWE-119

Medium

CVE-2012-4352

Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/bl…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-0871

Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by…

CVSS: 6.9 CWE: CWE-362

Medium

CVE-2013-0216

The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.

CVSS: 5.2 CWE: CWE-20

Low

CVE-2013-0160

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

CVSS: 2.1 CWE: CWE-200

Low

CVE-2012-4530

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory v…

CVSS: 2.1 CWE: CWE-200

Medium

CVE-2012-4398

The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via…

CVSS: 4.9 CWE: CWE-20

2013-02-16

Medium

CVE-2013-0272

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.

CVSS: 6.8 CWE: CWE-119

2013-02-15

Critical

CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3…

CVSS: 10.0 CWE: CWE-287

Medium

CVE-2013-1128

Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims vi…

CVSS: 6.8 CWE: CWE-352

Medium

CVE-2013-1123

Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug I…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-0705

Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS: 5.0 CWE: CWE-22

Medium

CVE-2013-0704

Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during inte…

CVSS: 4.3 CWE: CWE-200

Medium

CVE-2013-0703

Cross-site scripting (XSS) vulnerability in imgboard.com imgboard before 1.22R6.1 u and 20xx before 2010u allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2013-0658

Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.

CVSS: 10.0 CWE: CWE-119

Medium

CVE-2012-4712

Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.

CVSS: 5.0 CWE: CWE-798

Critical

CVE-2012-4711

Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attacker…

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2012-4701

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials…

CVSS: 9.3 CWE: CWE-22

2013-02-14

Medium

CVE-2013-1402

DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_…

CVSS: 5.0 CWE: CWE-200

Low

CVE-2012-5564

android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.

CVSS: 3.3 CWE: CWE-59

Medium

CVE-2013-0702

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2013-0701

SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.

CVSS: 6.0 CWE: CWE-89

High

CVE-2013-0641

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in…

CVSS: 7.8 CWE: CWE-120

High

CVE-2013-0640

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted…

CVSS: 7.8 CWE: CWE-787

2013-02-13

Medium

CVE-2013-1122

Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted…

CVSS: 5.0 CWE: CWE-20

Medium

CVE-2013-1114

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.

CVSS: 4.3 CWE: CWE-79

Critical

CVE-2013-0636

Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0 CWE: CWE-119

Critical

CVE-2013-0635

Adobe Shockwave Player before 12.0.0.112 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 10.0 CWE: CWE-119

Medium

CVE-2012-6531

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbi…

CVSS: 6.4 CWE: CWE-20

Critical

CVE-2012-3363

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connec…

CVSS: 9.1 CWE: CWE-611

High

CVE-2013-1279

Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Serve…

CVSS: 7.2 CWE: CWE-362

High

CVE-2013-1278

CVSS: 7.4 CWE: CWE-362

Medium

CVE-2013-1277

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold an…

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1276

CVSS: 4.9 CWE: CWE-362

High

CVE-2013-1275

CVSS: 7.0 CWE: CWE-362

Medium

CVE-2013-1274

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1273

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1272

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1271

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1270

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1269

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1268

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1267

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1266

CVSS: 4.9 CWE: CWE-362

High

CVE-2013-1265

CVSS: 7.0 CWE: CWE-362

Medium

CVE-2013-1264

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1263

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1262

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1261

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1260

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1259

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1258

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1257

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1256

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1255

CVSS: 4.9 CWE: CWE-362

Medium

CVE-2013-1254

CVSS: 4.9 CWE: CWE-362

High

CVE-2013-1253

CVSS: 7.0 CWE: CWE-362