| Max CVSS | 10.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-0263 | 5.1 |
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack
|
13-02-2023 - 04:40 | 08-02-2013 - 20:55 | |
| CVE-2013-0183 | 5.0 |
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
|
13-02-2023 - 04:38 | 01-03-2013 - 05:40 | |
| CVE-2013-0184 | 4.3 |
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitr
|
13-02-2023 - 04:38 | 01-03-2013 - 05:40 | |
| CVE-2013-0900 | 6.8 |
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspe
|
18-11-2022 - 20:17 | 23-02-2013 - 21:55 | |
| CVE-2013-3839 | 4.0 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
|
26-08-2022 - 17:24 | 16-10-2013 - 15:55 | |
| CVE-2012-2750 | 10.0 |
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibili
|
23-06-2022 - 16:28 | 17-08-2012 - 00:55 | |
| CVE-2013-2927 | 6.8 |
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspeci
|
30-10-2018 - 16:27 | 16-10-2013 - 20:55 | |
| CVE-2013-2919 | 7.5 |
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
30-10-2018 - 16:27 | 02-10-2013 - 10:35 | |
| CVE-2013-5599 | 10.0 |
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderb
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
| CVE-2013-5590 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote atta
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
| CVE-2013-5602 | 10.0 |
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allo
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
| CVE-2013-5601 | 10.0 |
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey bef
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
| CVE-2013-5597 | 10.0 |
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
| CVE-2013-5604 | 9.3 |
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not pro
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
| CVE-2013-5600 | 10.0 |
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonke
|
30-10-2018 - 16:26 | 30-10-2013 - 10:55 | |
| CVE-2003-0161 | 10.0 |
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a s
|
30-10-2018 - 16:26 | 02-04-2003 - 05:00 | |
| CVE-2013-5595 | 4.3 |
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified func
|
19-09-2017 - 01:36 | 30-10-2013 - 10:55 | |
| CVE-2013-2924 | 7.5 |
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown ve
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2922 | 6.8 |
Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2907 | 5.0 |
The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2923 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2916 | 4.3 |
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2908 | 5.0 |
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2925 | 6.8 |
Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conf
|
19-09-2017 - 01:36 | 16-10-2013 - 20:55 | |
| CVE-2013-2909 | 7.5 |
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicod
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2910 | 7.5 |
Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified ot
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2918 | 7.5 |
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of ser
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2911 | 6.8 |
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecifi
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2921 | 6.8 |
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possib
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2926 | 6.8 |
Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of ser
|
19-09-2017 - 01:36 | 16-10-2013 - 20:55 | |
| CVE-2013-2906 | 6.8 |
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/ht
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2920 | 5.0 |
The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-rel
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2913 | 6.8 |
Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2915 | 4.3 |
Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2928 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:36 | 16-10-2013 - 20:55 | |
| CVE-2013-2912 | 7.5 |
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-2917 | 5.0 |
The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-
|
19-09-2017 - 01:36 | 02-10-2013 - 10:35 | |
| CVE-2013-4396 | 6.5 |
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a cra
|
28-11-2016 - 19:09 | 10-10-2013 - 10:55 | |
| CVE-2013-6172 | 7.5 |
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and
|
26-03-2014 - 04:54 | 05-11-2013 - 18:55 | |
| CVE-2013-6075 | 5.0 |
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to imperso
|
21-11-2013 - 18:41 | 02-11-2013 - 18:55 | |
| CVE-2013-5915 | 4.3 |
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
|
31-10-2013 - 03:35 | 04-10-2013 - 17:55 | |
| CVE-2013-4623 | 4.3 |
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU co
|
31-10-2013 - 03:35 | 30-09-2013 - 22:55 | |
| CVE-2011-5036 | 5.0 |
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption
|
31-10-2013 - 03:21 | 30-12-2011 - 01:55 | |
| CVE-2013-5914 | 6.8 |
Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.
|
28-10-2013 - 15:46 | 26-10-2013 - 17:55 | |
| CVE-2013-1445 | 4.3 |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive info
|
28-10-2013 - 15:14 | 26-10-2013 - 17:55 |