Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3649 | 2 Kent-web, Microsoft | 2 Clip-mail, Internet Explorer | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | ||||
| CVE-2013-3650 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654. | ||||
| CVE-2013-3651 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php. | ||||
| CVE-2013-3652 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653. | ||||
| CVE-2013-3653 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652. | ||||
| CVE-2013-3654 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650. | ||||
| CVE-2013-3655 | 1 Sharp | 2 Aquos Hn-pp150, Aquos Hn-pp150 Firmware | 2025-04-11 | N/A |
| The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data. | ||||
| CVE-2013-3656 | 1 Cybozu | 1 Cybozu Office | 2025-04-11 | N/A |
| Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | ||||
| CVE-2013-3657 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | ||||
| CVE-2013-3658 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | ||||
| CVE-2013-3659 | 1 Nttdocomo | 1 Overseas Usage | 2025-04-11 | N/A |
| The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area. | ||||
| CVE-2013-3670 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release. | ||||
| CVE-2013-3661 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | N/A |
| The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain. | ||||
| CVE-2013-3665 | 1 Autodesk | 14 Autocad, Autocad Architecture, Autocad Civil 3d and 11 more | 2025-04-11 | N/A |
| Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file. | ||||
| CVE-2013-3666 | 2 Google, Lg | 2 Android, Optimus G E973 | 2025-04-11 | N/A |
| The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. | ||||
| CVE-2013-3667 | 1 Barebones | 3 Bbedit, Textwrangler, Yojimbo | 2025-04-11 | N/A |
| The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates. | ||||
| CVE-2013-3671 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message. | ||||
| CVE-2013-3672 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. | ||||
| CVE-2013-3673 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. | ||||
| CVE-2013-3674 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. | ||||