# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
46751 | CVE-2013-1789 | | | DoS | 2013-04-09 | 2013-04-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. |
46752 | CVE-2013-1788 | 119 | | DoS Exec Code Overflow | 2013-04-09 | 2014-01-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. |
46753 | CVE-2013-1787 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
46754 | CVE-2013-1786 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
46755 | CVE-2013-1785 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
46756 | CVE-2013-1784 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
46757 | CVE-2013-1783 | 79 | | XSS | 2013-03-27 | 2017-08-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
46758 | CVE-2013-1782 | 79 | | XSS | 2013-03-27 | 2015-11-24 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. |
46759 | CVE-2013-1781 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
46760 | CVE-2013-1780 | 79 | | XSS | 2013-03-27 | 2017-08-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. |
46761 | CVE-2013-1779 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
46762 | CVE-2013-1778 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. |
46763 | CVE-2013-1776 | 264 | | | 2013-04-08 | 2017-08-28 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. |
46764 | CVE-2013-1775 | 264 | | Bypass | 2013-03-05 | 2016-11-28 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. |
46765 | CVE-2013-1774 | 264 | | DoS | 2013-02-28 | 2019-04-22 | 4.0 | None | Local | High | Not required | None | None | Complete |
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. |
46766 | CVE-2013-1773 | 119 | 1 | DoS Overflow +Priv | 2013-02-28 | 2019-04-22 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. |
46767 | CVE-2013-1772 | 119 | | DoS Overflow | 2013-02-28 | 2013-08-22 | 4.0 | None | Local | High | Not required | None | None | Complete |
The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. |
46768 | CVE-2013-1770 | 79 | | XSS | 2014-04-02 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. |
46769 | CVE-2013-1769 | 310 | | DoS | 2014-01-21 | 2014-01-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message. |
46770 | CVE-2013-1767 | 399 | | DoS +Priv | 2013-02-28 | 2013-08-22 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. |
46771 | CVE-2013-1766 | 264 | | | 2013-03-20 | 2013-03-21 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. |
46772 | CVE-2013-1765 | 79 | | XSS | 2014-05-14 | 2016-12-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter. |
46773 | CVE-2013-1764 | 264 | | | 2014-04-16 | 2014-04-17 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. |
46774 | CVE-2013-1762 | 94 | | Exec Code Overflow | 2013-03-08 | 2014-01-17 | 6.6 | None | Remote | High | Not required | Partial | Partial | Complete |
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. |
46775 | CVE-2013-1759 | 79 | | XSS | 2014-03-14 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field. |
46776 | CVE-2013-1758 | 79 | | XSS | 2014-03-14 | 2014-03-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information. |
46777 | CVE-2013-1749 | 79 | | XSS | 2013-04-18 | 2013-04-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. |
46778 | CVE-2013-1747 | | | DoS | 2013-03-28 | 2013-11-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. |
46779 | CVE-2013-1743 | 79 | | XSS | 2013-10-24 | 2013-10-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. |
46780 | CVE-2013-1742 | 79 | | XSS | 2013-10-24 | 2013-10-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter. |
46781 | CVE-2013-1740 | 310 | | | 2014-01-18 | 2018-10-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. |
46782 | CVE-2013-1739 | | | DoS | 2013-10-22 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. |
46783 | CVE-2013-1737 | 264 | | Bypass | 2013-09-18 | 2017-09-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. |
46784 | CVE-2013-1734 | 352 | | CSRF | 2013-10-24 | 2013-10-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. |
46785 | CVE-2013-1733 | 352 | | CSRF | 2013-10-24 | 2013-10-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. |
46786 | CVE-2013-1731 | 20 | | Exec Code | 2013-09-18 | 2013-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory. |
46787 | CVE-2013-1730 | 119 | | DoS Exec Code Overflow | 2013-09-18 | 2017-09-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. |
46788 | CVE-2013-1729 | 200 | | +Info | 2013-09-18 | 2013-10-02 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. |
46789 | CVE-2013-1728 | 119 | | Overflow +Info | 2013-09-18 | 2017-09-18 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. |
46790 | CVE-2013-1727 | 79 | | XSS Bypass +Info | 2013-09-18 | 2013-10-02 | 4.0 | None | Remote | High | Not required | Partial | Partial | None |
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. |
46791 | CVE-2013-1726 | 264 | | +Priv | 2013-09-18 | 2017-09-18 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. |
46792 | CVE-2013-1725 | 119 | | Exec Code Overflow | 2013-09-18 | 2017-09-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. |
46793 | CVE-2013-1723 | 119 | | DoS Overflow | 2013-09-18 | 2017-09-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. |
46794 | CVE-2013-1720 | 119 | | DoS Exec Code Overflow | 2013-09-18 | 2017-09-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. |
46795 | CVE-2013-1717 | 264 | | | 2013-08-06 | 2017-09-18 | 5.4 | None | Remote | High | Not required | Complete | None | None |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. |
46796 | CVE-2013-1715 | | | +Priv | 2013-08-06 | 2017-09-18 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206. |
46797 | CVE-2013-1714 | 264 | | XSS Bypass | 2013-08-06 | 2017-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. |
46798 | CVE-2013-1713 | 264 | | XSS | 2013-08-06 | 2017-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. |
46799 | CVE-2013-1712 | | | +Priv | 2013-08-06 | 2017-09-18 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. |
46800 | CVE-2013-1711 | 79 | | XSS Bypass | 2013-08-06 | 2017-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. |