Skip to main content
CVE-2013-3163 HIGH POC KEV PATCH THREAT Act Now

Internet Explorer 8 through 10 contain a memory corruption vulnerability allowing remote code execution via crafted websites, used in targeted attacks against defense and aerospace organizations in 2013.

Buffer Overflow Memory Corruption Denial Of Service RCE Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
82.9%
Threat
9.2
CVE-2013-1966 CRITICAL POC PATCH THREAT Act Now

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.1%.

Code Injection Apache RCE Struts
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
91.1%
Threat
6.1
CVE-2013-2115 HIGH POC PATCH THREAT Act Now

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 87.6%.

Code Injection Apache RCE Struts
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
87.6%
Threat
5.7
CVE-2013-1965 CRITICAL POC PATCH THREAT Act Now

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.8%.

Code Injection Apache RCE Struts Struts2 Showcase
NVD
CVSS 2.0
9.3
EPSS
91.8%
Threat
6.1
CVE-2013-1868 CRITICAL POC THREAT Emergency

Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 50.7%.

Buffer Overflow Denial Of Service RCE Vlc Media Player
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
50.7%
Threat
4.9
CVE-2013-3178 CRITICAL Emergency

Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 59.0% and no vendor patch available.

Code Injection Denial Of Service Microsoft RCE Silverlight
NVD
CVSS 2.0
9.3
EPSS
59.0%
CVE-2013-3134 CRITICAL Emergency

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.7% and no vendor patch available.

Code Injection Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
57.7%
CVE-2013-3174 CRITICAL POC THREAT Emergency

DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 34.9%.

Code Injection Microsoft RCE Windows 7 Windows 8 +5
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
34.9%
Threat
4.4
CVE-2013-3131 CRITICAL Emergency

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 54.7% and no vendor patch available.

Code Injection Microsoft RCE Net Framework Silverlight
NVD
CVSS 2.0
9.3
EPSS
54.7%
CVE-2013-1300 HIGH POC THREAT Act Now

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 27.2%.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows Rt +5
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
27.2%
CVE-2013-3143 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 31.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
31.0%
Threat
4.3
CVE-2013-3115 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.1%.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
26.1%
Threat
4.1
CVE-2013-3129 HIGH Act Now

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 51.7% and no vendor patch available.

Code Injection Microsoft RCE Net Framework Lync +12
NVD
CVSS 3.1
7.8
EPSS
51.7%
CVE-2013-3127 CRITICAL Emergency

The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 35.5% and no vendor patch available.

Code Injection Microsoft RCE Windows Media Format Runtime Windows Media Player
NVD
CVSS 2.0
9.3
EPSS
35.5%
CVE-2013-3164 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.4%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
15.4%
CVE-2013-3152 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.4%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
15.4%
CVE-2013-3146 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.4%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
15.4%
CVE-2013-2784 HIGH POC THREAT Act Now

Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 22.7%.

Denial Of Service Nano 10 Plc Firmware Nano 10 Plc
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
22.7%
CVE-2013-1896 MEDIUM POC THREAT This Month

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

Denial Of Service Apache Http Server Jboss Enterprise Application Platform Enterprise Linux Desktop +7
NVD
CVSS 2.0
4.3
EPSS
38.6%
CVE-2013-3162 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-3153 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-3150 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-3149 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-3148 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-3147 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-3145 CRITICAL POC THREAT Emergency

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.0%.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
11.0%
CVE-2013-3161 CRITICAL POC Act Now

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
9.4%
CVE-2013-3151 CRITICAL POC Act Now

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
8.4%
CVE-2013-3144 CRITICAL POC Act Now

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Code Injection Microsoft RCE +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
8.4%
CVE-2013-3166 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 18.0%.

Microsoft XSS Internet Explorer
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
18.0%
CVE-2013-3348 CRITICAL PATCH Act Now

Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Adobe Denial Of Service RCE Shockwave Player
NVD
CVSS 2.0
10.0
EPSS
9.2%
CVE-2013-3347 CRITICAL PATCH Act Now

Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Google Microsoft RCE Flash Player
NVD
CVSS 2.0
10.0
EPSS
8.0%
CVE-2013-3344 CRITICAL PATCH Act Now

Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Google Buffer Overflow Adobe Microsoft RCE +1
NVD
CVSS 2.0
10.0
EPSS
7.9%
CVE-2013-3345 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +2
NVD
CVSS 2.0
10.0
EPSS
7.5%
CVE-2013-1954 MEDIUM POC This Month

The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Vlc Media Player
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2013-3171 CRITICAL Act Now

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
8.6%
CVE-2013-3133 CRITICAL Act Now

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
8.6%
CVE-2013-3132 CRITICAL Act Now

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Microsoft RCE Net Framework
NVD
CVSS 2.0
9.3
EPSS
7.1%
CVE-2013-3245 MEDIUM POC This Month

plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Vlc Media Player
NVD
CVSS 3.1
6.3
EPSS
1.9%
CVE-2013-3350 CRITICAL PATCH Act Now

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Information Disclosure Coldfusion
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2013-2352 CRITICAL Act Now

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass San Iq
NVD
CVSS 2.0
9.4
EPSS
2.3%
CVE-2013-2870 CRITICAL Act Now

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Google RCE Chrome Debian Linux
NVD
CVSS 2.0
9.3
EPSS
1.7%
CVE-2013-1340 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows Rt +5
NVD
CVSS 3.1
8.4
EPSS
1.0%
CVE-2012-5855 MEDIUM POC This Month

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Vlc Media Player
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1345 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows 8 Windows Rt +5
NVD
CVSS 2.0
7.2
EPSS
3.1%
CVE-2013-2871 HIGH This Week

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-3173 HIGH This Week

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 7 Windows 8 Windows Rt +5
NVD
CVSS 2.0
7.2
EPSS
2.6%
CVE-2013-2873 HIGH This Week

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-3154 MEDIUM This Month

The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Defender Windows 7 Windows Server 2008
NVD
CVSS 2.0
6.9
EPSS
3.8%
CVE-2013-2867 HIGH This Week

Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Chrome Debian Linux
NVD
CVSS 2.0
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy