Skip to main content
CVE-2013-3940 CRITICAL PATCH Act Now

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 71.8%.

Denial Of Service Buffer Overflow Microsoft Integer Overflow RCE +10
NVD
CVSS 2.0
9.3
EPSS
71.8%
Threat
4.0
CVE-2013-1325 CRITICAL Emergency

Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Office
NVD
CVSS 2.0
9.3
EPSS
57.2%
CVE-2013-1324 CRITICAL Emergency

Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 57.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Office Office 2013 Rt
NVD
CVSS 2.0
9.3
EPSS
57.2%
CVE-2013-0082 CRITICAL Emergency

Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability.". Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 53.2% and no vendor patch available.

Buffer Overflow Microsoft RCE Office
NVD
CVSS 2.0
9.3
EPSS
53.2%
CVE-2013-3917 CRITICAL Emergency

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.1% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
31.1%
CVE-2013-3916 CRITICAL Emergency

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.1% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
31.1%
CVE-2013-3915 CRITICAL Act Now

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.9% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
27.9%
CVE-2013-3914 CRITICAL Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.9% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
27.9%
CVE-2013-3910 CRITICAL Act Now

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
27.2%
CVE-2013-3912 CRITICAL Act Now

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
20.3%
CVE-2013-3911 CRITICAL Act Now

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.3% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft RCE Internet Explorer
NVD
CVSS 2.0
9.3
EPSS
20.3%
CVE-2013-5329 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.5%.

Denial Of Service Buffer Overflow Adobe Microsoft RCE +3
NVD
CVSS 2.0
10.0
EPSS
11.5%
CVE-2013-6621 HIGH POC This Week

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Apple Opensuse Chrome +1
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-6357 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Apache Tomcat
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.3%
CVE-2013-2653 MEDIUM POC PATCH This Month

security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP Information Disclosure Silverstripe
NVD GitHub Exploit-DB
CVSS 2.0
5.8
EPSS
5.7%
CVE-2013-3908 MEDIUM This Month

Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.4% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
32.4%
CVE-2013-5330 CRITICAL PATCH Act Now

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Adobe Microsoft RCE +3
NVD
CVSS 2.0
10.0
EPSS
2.9%
CVE-2013-6627 MEDIUM POC This Month

net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
6.9%
CVE-2013-2931 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google RCE Chrome
NVD
CVSS 2.0
10.0
EPSS
1.8%
CVE-2013-5990 CRITICAL PATCH Act Now

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition;. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

RCE Ichitaro Pro Ichitaro Portable With Oreplug Ichitaro Ichitaro Viewer
NVD
CVSS 2.0
9.3
EPSS
5.1%
CVE-2013-6789 MEDIUM POC PATCH This Month

security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Silverstripe
NVD GitHub
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3909 MEDIUM This Month

Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.5% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
22.5%
CVE-2013-6780 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Yui
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-5328 HIGH This Week

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Coldfusion
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2013-3898 HIGH This Week

Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Denial Of Service Microsoft RCE Windows Server 2012 +1
NVD
CVSS 2.0
7.9
EPSS
0.3%
CVE-2013-3905 MEDIUM This Month

Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.7% and no vendor patch available.

Information Disclosure Microsoft Outlook
NVD
CVSS 2.0
5.0
EPSS
14.7%
CVE-2013-6624 HIGH This Week

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-5568 HIGH This Week

The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2013-6622 MEDIUM This Month

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2013-6625 MEDIUM This Month

Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2013-3869 MEDIUM PATCH This Month

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows 7 Windows 8 Windows 8 1 +7
NVD
CVSS 2.0
5.0
EPSS
9.5%
CVE-2013-6684 MEDIUM This Month

The web framework on Cisco Wireless LAN Controller (WLC) devices does not properly validate configuration parameters, which allows remote authenticated users to cause a denial of service via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Wireless Lan Controller
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6685 MEDIUM This Month

The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its. Rated medium severity (CVSS 6.6). No vendor patch available.

Privilege Escalation Cisco Unified Ip Phone Firmware Unified Ip Phone 8961 Unified Ip Phone 9951 +1
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2013-6682 MEDIUM This Month

The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-5552 MEDIUM This Month

Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Cisco iOS Content Services Gateway
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-6683 MEDIUM This Month

The IPv6 implementation in Cisco NX-OS does not properly handle neighbor-table adjacencies, which allows remote attackers to cause a denial of service (NS processing outage) via a series of malformed. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 2.0
6.1
EPSS
0.8%
CVE-2013-5560 MEDIUM This Month

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.4
EPSS
0.6%
CVE-2013-4475 MEDIUM This Month

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Debian Linux Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
6.9%
CVE-2013-3887 MEDIUM This Month

The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows Server 2003 +4
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-6623 MEDIUM This Month

The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2013-6626 MEDIUM This Month

The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-6628 MEDIUM This Month

net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5442 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Network Protection Firmware Security Network Protection Xgs 5100
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5450 MEDIUM This Month

IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5326 LOW Monitor

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Adobe XSS Coldfusion
NVD
CVSS 2.0
3.5
EPSS
0.5%
CVE-2013-5378 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5379 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5453 LOW Monitor

IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4476 LOW Monitor

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Samba
NVD
CVSS 2.0
1.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy