CVE Daily
← All tags

Tag: Remote Code Execution

All CVEs associated with "Remote Code Execution". Page 264/346 • 41416 CVEs.

Subscribe CVEs: RSS for “Remote Code Execution”  ·  RSS (High+Critical only)

About “Remote Code Execution”

A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41416 CVEs for this tag (all time). In the last 365 days, 4748 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2013-12-11
Medium

CVE-2013-3900

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCh…

CVSS: 5.5 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2013-12-10
Critical

CVE-2013-3623

Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 gene…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3622

Buffer overflow in logout.cgi in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allows remote authenticated users…

CVSS: 9.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-5447

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-4408

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote…

CVSS: 8.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-12-09
Medium

CVE-2013-6427

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary co…

CVSS: 6.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2013-4376

The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-d…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2011-4351

Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-12-07
Medium

CVE-2013-6385

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…

CVSS: 5.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2013-12-04
Critical

CVE-2013-6935

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-6029

Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-6937

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-12-02
Critical

CVE-2012-6535

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2013-11-29
High

CVE-2013-4844

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
2013-11-28
Critical

CVE-2013-5912

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2013-11-26
Critical

CVE-2013-6874

Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-11-24
Critical

CVE-2013-5458

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2013-5457

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2013-5456

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to des…

CVSS: 9.3 CWE: N/A View on NVD
2013-11-23
Medium

CVE-2013-4164

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial o…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-6866

SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via un…

CVSS: 9.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2013-6865

SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code…

CVSS: 9.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2013-4473

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-11-20
Critical

CVE-2013-6820

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via un…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2013-6817

Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-11-18
Critical

CVE-2013-6632

Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated durin…

CVSS: 9.3 CWE: CWE-189 View on NVD
Medium

CVE-2013-2114

Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2013-1057

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current wo…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
2013-11-13
Critical

CVE-2013-5990

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; I…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2013-2931

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-5330

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-5329

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3940

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,…

CVSS: 9.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2013-3917

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3916

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3915

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3914

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3912

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3911

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3910

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-3898

Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows…

CVSS: 7.9 CWE: CWE-264 View on NVD
Critical

CVE-2013-1325

Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnera…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-1324

Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) fil…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-0082

Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability."

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-11-12
High

CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2013-11-06
High

CVE-2013-3906

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remo…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2013-11-05
High

CVE-2013-6172

steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2013-11-04
Medium

CVE-2013-6366

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.

CVSS: 6.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2013-5559

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-4838

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-4837

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2013-4836

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute a…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2013-4835

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd me…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2013-4834

Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327.

CVSS: 7.5 CWE: N/A View on NVD
2013-10-30
Critical

CVE-2013-5604

The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x bef…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-5603

Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey be…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-5602

The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thu…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-5600

Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-5599

Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-5597

Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-5596

The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for re…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-5592

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-5591

Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a den…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-5590

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 1…

CVSS: 10.0 CWE: N/A View on NVD
2013-10-28
High

CVE-2013-4391

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2012-6303

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2010-1159

Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet o…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-10-26
Medium

CVE-2013-5914

Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-6284

Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code vi…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2011-4106

TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-list…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2013-10-25
High

CVE-2013-6283

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2013-4465

Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file…

CVSS: 4.6 CWE: N/A View on NVD
2013-10-24
Medium

CVE-2013-5170

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-5135

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Critical

CVE-2013-6245

Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2013-3244

Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary cod…

CVSS: 6.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2013-10-19
Critical

CVE-2013-6021

Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-10-17
Medium

CVE-2013-6013

Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-4397

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1…

CVSS: 6.8 CWE: CWE-189 View on NVD
Medium

CVE-2013-4371

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the real…

CVSS: 4.4 CWE: CWE-399 View on NVD
Medium

CVE-2013-4370

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corr…

CVSS: 4.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-10-16
Low

CVE-2013-5791

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors relat…

CVSS: 1.5 CWE: N/A View on NVD
High

CVE-2013-4830

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2013-10-13
Critical

CVE-2013-4822

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via un…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-4804

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2013-2366

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZD…

CVSS: 10.0 CWE: N/A View on NVD
2013-10-11
High

CVE-2013-6079

Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) r…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-4388

Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute ar…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-10-10
Medium

CVE-2013-4396

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon…

CVSS: 6.5 CWE: CWE-399 View on NVD
2013-10-09
Medium

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execut…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2012-4424

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execut…

CVSS: 5.1 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2012-4412

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary…

CVSS: 7.5 CWE: CWE-189 View on NVD
Critical

CVE-2013-5327

MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-4385

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memo…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-4258

Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Medium

CVE-2013-4256

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display…

CVSS: 4.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-3897

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (mem…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2013-3894

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows…

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2013-3892

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3891

Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3890

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulner…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3889

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Servic…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3886

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3885

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3882

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3875

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3874

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3873

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2013-3872

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2013-3871

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-3200

The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Serve…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2013-3195

The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows…

CVSS: 10.0 CWE: CWE-399 View on NVD
Critical

CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows…

CVSS: 9.3 CWE: N/A View on NVD
2013-10-05
Critical

CVE-2013-2808

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-10-04
Medium

CVE-2013-4986

Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2013-4758

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows r…

CVSS: 6.8 CWE: CWE-399 View on NVD
Medium

CVE-2013-2222

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to th…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2013-2221

Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2013-10-03
Critical

CVE-2013-0742

Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS f…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD