Total: 9170 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4858 | 1 Microsoft | 2 Windows Movie Maker, Windows Xp | 2013-12-30 | 4.3 MEDIUM | N/A |
Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | |||||
CVE-2013-0856 | 1 Ffmpeg | 1 Ffmpeg | 2013-12-27 | 9.3 HIGH | N/A |
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. | |||||
CVE-2013-2821 | 1 Novatech | 6 Orion5 Dnp Master, Orion5 Dnp Slave, Orion5r Dnp Master and 3 more | 2013-12-26 | 7.1 HIGH | N/A |
NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet. | |||||
CVE-2013-2822 | 1 Novatech | 6 Orion5 Dnp Master, Orion5 Dnp Slave, Orion5r Dnp Master and 3 more | 2013-12-26 | 4.7 MEDIUM | N/A |
NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line. | |||||
CVE-2013-7102 | 1 Optimizepress | 1 Optimizepress | 2013-12-24 | 6.8 MEDIUM | N/A |
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013. | |||||
CVE-2013-3705 | 1 Novell | 1 Client | 2013-12-23 | 4.9 MEDIUM | N/A |
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | |||||
CVE-2013-4558 | 1 Apache | 2 Mod Dav Svn, Subversion | 2013-12-19 | 3.5 LOW | N/A |
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. | |||||
CVE-2013-2814 | 1 Cooperindustries | 1 Dnp3 Master Opc Server | 2013-12-17 | 7.1 HIGH | N/A |
Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. | |||||
CVE-2013-2816 | 1 Cooperindustries | 3 Smp 16 Gateway (data Concentrator), Smp 4/dp Gateway (data Concentrator), Smp 4 Gateway (data Concentrator) | 2013-12-17 | 4.7 MEDIUM | N/A |
The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line. | |||||
CVE-2013-2813 | 1 Cooperindustries | 3 Smp 16 Gateway (data Concentrator), Smp 4/dp Gateway (data Concentrator), Smp 4 Gateway (data Concentrator) | 2013-12-17 | 7.1 HIGH | N/A |
The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows remote attackers to cause a denial of service (reboot or link outage) via a crafted DNP3 TCP packet. | |||||
CVE-2013-7000 | 1 Nowsms | 1 Now Sms & Mms Gateway | 2013-12-12 | 4.3 MEDIUM | N/A |
The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. | |||||
CVE-2013-7001 | 1 Nowsms | 1 Now Sms & Mms Gateway | 2013-12-12 | 4.3 MEDIUM | N/A |
The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 or (2) MM7 connection. | |||||
CVE-2012-3485 | 1 Google | 1 Tunnelblick | 2013-12-12 | 7.2 HIGH | N/A |
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call. | |||||
CVE-2012-1589 | 1 Drupal | 1 Drupal | 2013-12-12 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | |||||
CVE-2013-4314 | 2 Canonical, Jean-paul Calderone | 2 Ubuntu Linux, Pyopenssl | 2013-12-07 | 4.3 MEDIUM | N/A |
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
CVE-2013-0252 | 1 Boost | 1 Boost | 2013-12-04 | 5.0 MEDIUM | N/A |
boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes. | |||||
CVE-2013-5576 | 1 Joomla | 1 Joomla! | 2013-11-30 | 6.8 MEDIUM | N/A |
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. | |||||
CVE-2013-5745 | 2 Canonical, David King | 2 Ubuntu Linux, Vino | 2013-11-30 | 7.1 HIGH | N/A |
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication. | |||||
CVE-2013-1985 | 1 X | 1 Libxinerama | 2013-11-30 | 6.8 MEDIUM | N/A |
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. | |||||
CVE-2013-6700 | 1 Cisco | 1 Ios Xr | 2013-11-29 | 5.0 MEDIUM | N/A |
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. |