cpe:/a:phpvms:phpvms:2.1.934

CVE-2012-6552

2013-05-10T17:55:00.920-04:00

2013-05-13T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-13T08:23:00.000-04:00

CONFIRM https://github.com/nshahzad/phpVMS/commit/7303aa072061388eba06f0c5a701c688096ebccc CONFIRM http://forum.phpvms.net/topic/7842-security-fix-released-for-21x/ Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors.

cpe:/a:microsoft:windows_essentials:2011 cpe:/a:microsoft:windows_essentials:2012

CVE-2013-0096

2013-05-14T23:36:33.357-04:00

2013-05-15T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-15T09:26:00.000-04:00

MS MS13-045 Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."

cpe:/a:ibm:sterling_secure_proxy:3.4.1.0 cpe:/a:ibm:sterling_secure_proxy:3.2.0.0 cpe:/a:ibm:sterling_secure_proxy:3.4.1.5 cpe:/a:ibm:sterling_secure_proxy:3.4.1.6 cpe:/a:ibm:sterling_secure_proxy:3.3.0.1 cpe:/a:ibm:sterling_secure_proxy:3.4.0.0 cpe:/a:ibm:sterling_secure_proxy:3.4.1.2

CVE-2013-0518

2013-05-10T07:42:29.790-04:00

2013-05-10T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T09:06:00.000-04:00

XF ssp-cve20130518-content-spoofing(83128) CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21636369 IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2013-0519

2013-05-10T07:42:29.873-04:00

2013-05-10T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T09:28:00.000-04:00

XF ssp-cve20130519-info-disclosure(82654) CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21636369 IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string.

CVE-2013-0520

2013-05-10T07:42:29.940-04:00

2013-05-10T00:00:00.000-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T09:43:00.000-04:00

XF ssp-cve20130520-info-disclosure(83433) CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21636369 IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.

cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.11 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.26 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.9 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.16 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.10 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.6 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.12 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.5 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.5 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.3 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.11 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.31 cpe:/a:ibm:sterling_multi-channel_fulfillment_solution:8.0 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.10 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:8.5 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.9 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.4 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.35 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.6 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.7 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.32 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.28 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.30 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.1 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.40 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.24 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.39 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.8 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.13 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.23 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.18 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.19 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.16 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.41 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.7 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.25 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.22 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.4 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.17 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.15 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.36 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.29 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.20 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.2 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.3 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.14 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.34 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.1 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.15 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.27 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.33 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.0 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.8 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.42 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.12 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0.13 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.44 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.2 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.37 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.21 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.38 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.43 cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0.14

CVE-2013-0578

2013-05-10T07:42:29.960-04:00

2013-05-10T00:00:00.000-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T09:53:00.000-04:00

XF ibm-sterling-cve20130578-info-disclosure(83330) CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21636034 AIXAPAR IC91829 The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI.

cpe:/a:mozilla:thunderbird:17.0.5 cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox_esr:17.0 cpe:/a:mozilla:thunderbird_esr:17.0.3 cpe:/a:mozilla:thunderbird:17.0.3 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:thunderbird_esr:17.0.4 cpe:/a:mozilla:thunderbird_esr:17.0.1 cpe:/a:mozilla:firefox_esr:17.0.4 cpe:/a:mozilla:thunderbird:17.0.4 cpe:/a:mozilla:firefox_esr:17.0.3 cpe:/a:mozilla:thunderbird_esr:17.0.5 cpe:/a:mozilla:thunderbird:17.0.1 cpe:/a:mozilla:thunderbird:17.0 cpe:/a:mozilla:firefox_esr:17.0.1 cpe:/a:mozilla:thunderbird:17.0.2 cpe:/a:mozilla:thunderbird_esr:17.0 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox_esr:17.0.5 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:thunderbird_esr:17.0.2 cpe:/a:mozilla:firefox:19.0.1 cpe:/a:mozilla:firefox_esr:17.0.2

CVE-2013-0801

2013-05-16T07:45:30.633-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:14:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=866544 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=864558 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=852315 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=849597 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=808402 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=787283 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-41.html Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

cpe:/a:microsoft:internet_explorer:8 cpe:/a:microsoft:internet_explorer:9

CVE-2013-0811

2013-05-14T23:36:33.377-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T09:25:00.000-04:00

MS MS13-037 Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.

cpe:/a:emc:documentum_wdk:6.7:sp1 cpe:/a:emc:documentum_records_manager:6.7:sp1 cpe:/a:emc:documentum_records_manager:6.7 cpe:/a:emc:documentum_wdk:6.7 cpe:/a:emc:documentum_taskspace:6.7:sp1 cpe:/a:emc:documentum_taskspace:6.7 cpe:/a:emc:documentum_webtop:6.7:sp1 cpe:/a:emc:documentum_webtop:6.7

CVE-2013-0937

2013-05-10T07:42:29.987-04:00

2013-05-10T00:00:00.000-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T10:05:00.000-04:00

BUGTRAQ 20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.

CVE-2013-0938

2013-05-10T07:42:30.003-04:00

2013-05-10T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T10:22:00.000-04:00

BUGTRAQ 20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-0939

2013-05-10T07:42:30.030-04:00

2013-05-10T00:00:00.000-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T10:38:00.000-04:00

BUGTRAQ 20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.

cpe:/a:emc:alphastor:4.0

CVE-2013-0946

2013-05-10T07:42:30.050-04:00

2013-05-10T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-10T11:02:00.000-04:00

BUGTRAQ 20130509 ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.

cpe:/o:cisco:ios:-

CVE-2013-1136

2013-05-13T07:50:48.467-04:00

2013-05-13T00:00:00.000-04:00

4.6

LOCAL

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2013-05-13T13:38:00.000-04:00

CISCO 20130510 Cisco ISR Route Processor 2 Dynamic Multipoint Virtual Private Network Vulnerability The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193.

cpe:/h:cisco:ace_application_controle_engine_module:-

CVE-2013-1175

2013-05-15T23:36:22.627-04:00

2013-05-16T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-16T08:35:00.000-04:00

CISCO 20130514 Cisco ACE Log Retention Denial of Service Vulnerability The SSL logging daemon in the Application Control Engine module in Cisco ACE allows remote attackers to cause a denial of service (disk consumption) via a large number of SSL connections that trigger log entries, aka Bug ID CSCug78957.

cpe:/a:cisco:unified_communications_manager

CVE-2013-1188

2013-05-15T23:36:22.690-04:00

2013-05-16T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-16T08:57:00.000-04:00

CISCO 20130514 Cisco Unified Communications Manager Authentication Denial of Service Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.

cpe:/a:cisco:secure_access_control_system:-

CVE-2013-1200

2013-05-15T23:36:22.710-04:00

2013-05-16T09:02:46.077-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-16T09:01:00.000-04:00

CISCO 20130515 Cisco Secure Access Control System Session Fixation Web Vulnerability Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.

cpe:/a:cisco:telepresence_supervisor_mse_8050_software:2.2%281.17%29 cpe:/h:cisco:telepresence_supervisor_mse_8050:-

CVE-2013-1236

2013-05-15T23:36:22.727-04:00

2013-05-16T09:13:47.487-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:07:00.000-04:00

CISCO 20130515 Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and CSCuf79763.

cpe:/a:cisco:unified_presence_server

CVE-2013-1242

2013-05-10T07:42:30.143-04:00

2013-05-10T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-10T11:07:00.000-04:00

CISCO 20130507 Cisco Unified Presence Memory Exhaustion Vulnerability Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.

cpe:/a:cisco:webex_social:-

CVE-2013-1244

2013-05-15T23:36:22.747-04:00

2013-05-16T00:00:00.000-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T09:45:00.000-04:00

CISCO 20130514 WebEx Social Allows JavaScript URLs in Links Attached to Posts Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.

cpe:/a:cisco:webex_social:-

CVE-2013-1245

2013-05-15T23:36:22.767-04:00

2013-05-16T00:00:00.000-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T09:55:00.000-04:00

CISCO 20130514 WebEx Social Client-Side Restriction Bypass Attribute Change Vulnerability The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.

cpe:/a:microsoft:internet_explorer:7 cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:8

CVE-2013-1297

2013-05-14T23:36:33.393-04:00

2013-05-15T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-15T09:27:00.000-04:00

MS MS13-037 Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."

cpe:/a:microsoft:visio:2007:sp3 cpe:/a:microsoft:visio:2010:sp1 cpe:/a:microsoft:visio:2003:sp3

CVE-2013-1301

2013-05-14T23:36:33.410-04:00

2013-05-15T09:51:32.820-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-15T09:43:00.000-04:00

MS MS13-044 Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."

cpe:/a:microsoft:lync_server:2013 cpe:/a:microsoft:lync:2010::attendee cpe:/a:microsoft:lync:2010::x64 cpe:/a:microsoft:lync:2010::x86 cpe:/a:microsoft:office_communicator:2007:r2

CVE-2013-1302

2013-05-14T23:36:33.427-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T09:46:00.000-04:00

MS MS13-041 Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_8:-:-:x86 cpe:/o:microsoft:windows_8:-:-:x64 cpe:/o:microsoft:windows_rt:-

CVE-2013-1305

2013-05-14T23:36:33.447-04:00

2013-05-15T10:07:21.027-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-15T10:05:00.000-04:00

MS MS13-039 HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."

cpe:/a:microsoft:internet_explorer:9

CVE-2013-1306

2013-05-14T23:36:33.463-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:07:00.000-04:00

MS MS13-037 Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313.

cpe:/a:microsoft:internet_explorer:8 cpe:/a:microsoft:internet_explorer:9

CVE-2013-1307

2013-05-14T23:36:33.997-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:08:00.000-04:00

cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:7 cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:8 cpe:/a:microsoft:internet_explorer:9

CVE-2013-1308

2013-05-14T23:36:34.023-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:11:00.000-04:00

MS MS13-037 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551.

cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:7 cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:internet_explorer:8 cpe:/a:microsoft:internet_explorer:9

CVE-2013-1309

2013-05-14T23:36:34.043-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:23:00.000-04:00

cpe:/a:microsoft:internet_explorer:7 cpe:/a:microsoft:internet_explorer:6

CVE-2013-1310

2013-05-14T23:36:34.060-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:23:00.000-04:00

MS MS13-037 Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."

cpe:/a:microsoft:internet_explorer:8

CVE-2013-1311

2013-05-14T23:36:34.077-04:00

2013-05-15T10:46:32.827-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:32:00.000-04:00

MS MS13-037 Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."

cpe:/a:microsoft:internet_explorer:10 cpe:/a:microsoft:internet_explorer:9

CVE-2013-1312

2013-05-14T23:36:34.097-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:45:00.000-04:00

MS MS13-037 Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1316

2013-05-14T23:36:34.113-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:59:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1317

2013-05-14T23:36:34.133-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:48:00.000-04:00

MS MS13-042 Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1318

2013-05-14T23:36:34.153-04:00

2013-05-15T10:52:58.573-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:52:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1319

2013-05-14T23:36:34.177-04:00

2013-05-15T10:56:31.287-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:55:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1320

2013-05-14T23:36:34.193-04:00

2013-05-15T10:57:39.183-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T10:57:00.000-04:00

MS MS13-042 Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1321

2013-05-14T23:36:34.213-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:02:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1322

2013-05-14T23:36:34.230-04:00

2013-05-15T11:04:09.847-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:01:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1323

2013-05-14T23:36:34.250-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:10:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1327

2013-05-14T23:36:34.267-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:11:00.000-04:00

MS MS13-042 Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."

cpe:/a:microsoft:publisher:2007:sp3 cpe:/a:microsoft:publisher:2003:sp3 cpe:/a:microsoft:publisher:2010:sp1

CVE-2013-1328

2013-05-14T23:36:34.287-04:00

2013-05-15T11:25:48.127-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:24:00.000-04:00

MS MS13-042 Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."

cpe:/a:microsoft:publisher:2003:sp3

CVE-2013-1329

2013-05-14T23:36:34.303-04:00

2013-05-16T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T11:13:00.000-04:00

MS MS13-042 Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."

cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_8:-:-:x64 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_rt:- cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_8:-:-:x86 cpe:/o:microsoft:windows_server_2008::sp2:x86 cpe:/o:microsoft:windows_7:-:sp1:x64

CVE-2013-1332

2013-05-14T23:36:34.323-04:00

2013-05-16T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T12:19:00.000-04:00

MS MS13-046 dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."

cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x86

CVE-2013-1333

2013-05-14T23:36:34.343-04:00

2013-05-15T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T12:20:00.000-04:00

MS MS13-046 Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."

cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2012:- cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_8:-:-:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_rt:- cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_8:-:-:x86 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7::sp1:x86 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7::sp1:x64

CVE-2013-1334

2013-05-14T23:36:34.363-04:00

2013-05-15T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T12:22:00.000-04:00

MS MS13-046 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."

cpe:/a:microsoft:word:2003:sp3 cpe:/a:microsoft:word_viewer:-

CVE-2013-1335

2013-05-14T23:36:34.383-04:00

2013-05-15T12:33:07.437-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T12:31:00.000-04:00

MS MS13-043 Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."

cpe:/a:microsoft:.net_framework:3.5.1 cpe:/a:microsoft:.net_framework:4.5 cpe:/a:microsoft:.net_framework:2.0:sp2 cpe:/a:microsoft:.net_framework:3.5 cpe:/a:microsoft:.net_framework:4.0

CVE-2013-1336

2013-05-14T23:36:34.403-04:00

2013-05-15T12:59:21.723-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-15T12:44:00.000-04:00

MS MS13-040 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."

cpe:/a:microsoft:.net_framework:4.5

CVE-2013-1337

2013-05-14T23:36:34.420-04:00

2013-05-15T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-15T12:37:00.000-04:00

MS MS13-040 Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."

cpe:/a:microsoft:malware_protection_engine:1.1.9402.0:-:%7E%7E%7E%7Ex64%7E

CVE-2013-1346

2013-05-15T06:55:01.857-04:00

2013-05-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-15T13:22:00.000-04:00

CONFIRM http://technet.microsoft.com/security/advisory/2846338 mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.

cpe:/a:adobe:coldfusion:9.0 cpe:/a:adobe:coldfusion:9.0.2:update_4 cpe:/a:adobe:coldfusion:9.0:update_10 cpe:/a:adobe:coldfusion:10.0 cpe:/a:adobe:coldfusion:9.0.1:update_9 cpe:/a:adobe:coldfusion:10.0:update_4 cpe:/a:adobe:coldfusion:10.0:update_1 cpe:/a:adobe:coldfusion:9.0.1 cpe:/a:adobe:coldfusion:9.0.2 cpe:/a:adobe:coldfusion:10.0:update_3

CVE-2013-1389

2013-05-16T07:45:30.693-04:00

2013-05-16T09:56:27.933-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:54:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-13.html Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:firefox:19.0.1

CVE-2013-1669

2013-05-16T07:45:30.720-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:14:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=865948 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=855236 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=854001 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=843434 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=837324 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=837007 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=834526 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826588 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826392 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826104 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=822910 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=821850 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=821479 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=819775 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=814552 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=803228 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=791432 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-41.html Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2013-1670

2013-05-16T07:45:30.777-04:00

2013-05-16T10:03:47.010-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T10:00:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=853709 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-42.html The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:firefox:19.0.1

CVE-2013-1671

2013-05-16T07:45:30.797-04:00

2013-05-16T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T09:21:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=842255 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-43.html Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox_esr:17.0 cpe:/a:mozilla:thunderbird:17.0.5 cpe:/a:mozilla:thunderbird_esr:17.0.3 cpe:/a:mozilla:thunderbird:17.0.3 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:thunderbird_esr:17.0.4 cpe:/a:mozilla:thunderbird_esr:17.0.1 cpe:/a:mozilla:firefox_esr:17.0.4 cpe:/a:mozilla:thunderbird:17.0.4 cpe:/a:mozilla:firefox_esr:17.0.3 cpe:/a:mozilla:thunderbird_esr:17.0.5 cpe:/a:mozilla:thunderbird:17.0.1 cpe:/a:mozilla:thunderbird:17.0 cpe:/a:mozilla:firefox_esr:17.0.1 cpe:/a:mozilla:thunderbird:17.0.2 cpe:/a:mozilla:thunderbird_esr:17.0 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox_esr:17.0.5 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:thunderbird_esr:17.0.2 cpe:/a:mozilla:firefox:19.0.1 cpe:/a:mozilla:firefox_esr:17.0.2

CVE-2013-1672

2013-05-16T07:45:30.817-04:00

2013-05-16T10:16:44.470-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:09:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=850492 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-44.html The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.

cpe:/a:mozilla:firefox:20.0 cpe:/a:mozilla:firefox:20.0.1 cpe:/a:mozilla:firefox:19.0 cpe:/a:mozilla:firefox:19.0.2 cpe:/a:mozilla:firefox:19.0.1

CVE-2013-1673

2013-05-16T07:45:30.840-04:00

2013-05-16T00:00:00.000-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:11:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=854088 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-45.html The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."

CVE-2013-1674

2013-05-16T07:45:30.857-04:00

2013-05-16T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:16:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=860971 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-46.html Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.

CVE-2013-1675

2013-05-16T07:45:30.877-04:00

2013-05-16T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T10:23:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=866825 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-47.html Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVE-2013-1676

2013-05-16T07:45:30.900-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:19:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=818454 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-1677

2013-05-16T07:45:30.923-04:00

2013-05-16T10:41:21.463-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:39:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=826163 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2013-1678

2013-05-16T07:45:30.947-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:22:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=839745 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.

CVE-2013-1679

2013-05-16T07:45:30.970-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:29:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=848237 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-1680

2013-05-16T07:45:30.990-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:30:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=850931 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2013-1681

2013-05-16T07:45:31.017-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:33:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=851781 CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-48.html Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

cpe:/a:fedoraproject:389_directory_server:1.2.10:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.11.5 cpe:/a:fedoraproject:389_directory_server:1.2.6:a4 cpe:/a:fedoraproject:389_directory_server:1.2.11.8 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc3 cpe:/a:fedoraproject:389_directory_server:1.2.6.1 cpe:/a:fedoraproject:389_directory_server:1.2.11.11 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc4 cpe:/a:fedoraproject:389_directory_server:1.2.9.9 cpe:/a:fedoraproject:389_directory_server:1.2.11.1 cpe:/a:fedoraproject:389_directory_server:1.2.8:rc2 cpe:/a:fedoraproject:389_directory_server:1.3.0.3 cpe:/a:fedoraproject:389_directory_server:1.2.10.4 cpe:/a:fedoraproject:389_directory_server:1.2.11.15 cpe:/a:fedoraproject:389_directory_server:1.2.8.3 cpe:/a:fedoraproject:389_directory_server:1.3.0.4 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc3 cpe:/a:fedoraproject:389_directory_server:1.2.2 cpe:/a:fedoraproject:389_directory_server:1.2.10.2 cpe:/a:fedoraproject:389_directory_server:1.2.11.6 cpe:/a:fedoraproject:389_directory_server:1.2.8:alpha2 cpe:/a:fedoraproject:389_directory_server:1.2.11.19 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc7 cpe:/a:fedoraproject:389_directory_server:1.2.8:alpha3 cpe:/a:fedoraproject:389_directory_server:1.2.11.9 cpe:/a:fedoraproject:389_directory_server:1.2.8.1 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc2 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.10.3 cpe:/a:fedoraproject:389_directory_server:1.2.7:alpha3 cpe:/a:fedoraproject:389_directory_server:1.2.1 cpe:/a:fedoraproject:389_directory_server:1.2.3 cpe:/a:fedoraproject:389_directory_server:1.2.11.14 cpe:/a:fedoraproject:389_directory_server:1.2.11.17 cpe:/a:fedoraproject:389_directory_server:1.2.6:a2 cpe:/a:fedoraproject:389_directory_server:1.2.10:alpha8 cpe:/a:fedoraproject:389_directory_server:1.3.0.2 cpe:/a:fedoraproject:389_directory_server:1.2.10 cpe:/a:fedoraproject:389_directory_server:1.2.7.5 cpe:/a:fedoraproject:389_directory_server:1.2.11.12 cpe:/a:fedoraproject:389_directory_server:1.2.6:a3 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc6 cpe:/a:fedoraproject:389_directory_server:1.2.8.2 cpe:/a:fedoraproject:389_directory_server:1.2.8:alpha1 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc2 cpe:/a:fedoraproject:389_directory_server:1.2.11.10 cpe:/a:fedoraproject:389_directory_server:1.2.10.11 cpe:/a:fedoraproject:389_directory_server:1.2.5 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.11.13 cpe:/a:fedoraproject:389_directory_server:1.2.8:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.6

CVE-2013-1897

2013-05-13T19:55:01.717-04:00

2013-05-14T00:00:00.000-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-14T08:02:00.000-04:00

CONFIRM https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286 CONFIRM https://fedorahosted.org/freeipa/ticket/3540 CONFIRM https://fedorahosted.org/389/ticket/47308 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=928105 REDHAT RHSA-2013:0742 FEDORA FEDORA-2013-4578 The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

cpe:/o:xen:xen:4.0.0 cpe:/o:xen:xen:4.1.3 cpe:/o:xen:xen:4.2.2 cpe:/o:xen:xen:3.3.0 cpe:/o:xen:xen:4.0.2 cpe:/o:xen:xen:3.2.2 cpe:/o:xen:xen:3.2.3 cpe:/o:xen:xen:3.3.1 cpe:/o:xen:xen:4.2.1 cpe:/o:xen:xen:4.1.2 cpe:/o:xen:xen:3.4.4 cpe:/o:xen:xen:3.4.3 cpe:/o:xen:xen:3.1.3 cpe:/o:xen:xen:4.0.3 cpe:/o:xen:xen:4.2.0 cpe:/o:xen:xen:3.4.1 cpe:/o:xen:xen:4.1.4 cpe:/o:xen:xen:4.1.1 cpe:/o:xen:xen:4.1.0 cpe:/o:xen:xen:3.4.0 cpe:/o:xen:xen:3.2.0 cpe:/o:xen:xen:3.3.2 cpe:/o:xen:xen:3.4.2 cpe:/o:xen:xen:3.2.1 cpe:/o:xen:xen:4.0.4 cpe:/o:xen:xen:3.1.4 cpe:/o:xen:xen:4.0.1

CVE-2013-1917

2013-05-13T19:55:01.757-04:00

2013-05-14T00:00:00.000-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-14T08:30:00.000-04:00

SECTRACK 1028455 MLIST [oss-security] 20130418 Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER DEBIAN DSA-2662 Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

cpe:/o:xen:xen:4.2.0 cpe:/o:xen:xen:4.1.5 cpe:/o:xen:xen:4.2.1 cpe:/o:xen:xen:4.1.4 cpe:/o:xen:xen:4.1.3 cpe:/o:xen:xen:4.1.2 cpe:/o:xen:xen:4.2.2 cpe:/o:xen:xen:4.1.1 cpe:/o:xen:xen:4.1.0

CVE-2013-1918

2013-05-13T19:55:01.790-04:00

2013-05-14T00:00:00.000-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-14T08:29:00.000-04:00

BID 59615 MLIST [oss-security] 20130502 Xen Security Advisory 45 (CVE-2013-1918) - Several long latency operations are not preemptible SECUNIA 53187 Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."

cpe:/o:xen:xen:4.2.0 cpe:/o:xen:xen:4.1.5 cpe:/o:xen:xen:4.2.1 cpe:/o:xen:xen:4.1.4 cpe:/o:xen:xen:4.1.3 cpe:/o:xen:xen:4.1.2 cpe:/o:xen:xen:4.2.2 cpe:/o:xen:xen:4.1.1 cpe:/o:xen:xen:4.1.0

CVE-2013-1919

2013-05-13T19:55:01.813-04:00

2013-05-14T08:51:01.537-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2013-05-14T08:50:00.000-04:00

BID 59292 MLIST [oss-security] 20130418 Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests DEBIAN DSA-2662 FEDORA FEDORA-2013-6641 Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."

cpe:/o:xen:xen:4.2.0 cpe:/o:xen:xen:4.2.1 cpe:/o:xen:xen:4.2.2

CVE-2013-1922

2013-05-13T19:55:01.850-04:00

2013-05-14T08:55:44.250-04:00

3.3

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-14T08:53:00.000-04:00

SECTRACK 1028426 MLIST [oss-security] 20130416 CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability MLIST [oss-security] 20130415 Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification FEDORA FEDORA-2013-6211 qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

cpe:/o:canonical:ubuntu_linux:11.10 cpe:/o:canonical:ubuntu_linux:12.04:-:lts cpe:/o:canonical:ubuntu_linux:11.04 cpe:/a:x:x.org-xserver:1.4.0 cpe:/a:x:x.org-xserver:1.13.3 cpe:/o:canonical:ubuntu_linux:12.10

CVE-2013-1940

2013-05-13T19:55:01.963-04:00

2013-05-14T00:00:00.000-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-14T09:47:00.000-04:00

CONFIRM https://bugs.freedesktop.org/show_bug.cgi?id=63353 UBUNTU USN-1803-1 MLIST [oss-security] 20130418 Xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled DEBIAN DSA-2661 FEDORA FEDORA-2013-5883 FEDORA FEDORA-2013-5928 X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

cpe:/o:xen:xen:4.0.0 cpe:/o:xen:xen:4.0.2 cpe:/o:xen:xen:4.0.3 cpe:/o:xen:xen:4.2.0 cpe:/o:xen:xen:4.2.1 cpe:/o:xen:xen:4.1.4 cpe:/o:xen:xen:4.1.3 cpe:/o:xen:xen:4.1.2 cpe:/o:xen:xen:4.2.2 cpe:/o:xen:xen:4.0.4 cpe:/o:xen:xen:4.1.1 cpe:/o:xen:xen:4.0.1 cpe:/o:xen:xen:4.1.0

CVE-2013-1952

2013-05-13T19:55:02.000-04:00

2013-05-14T00:00:00.000-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-14T09:59:00.000-04:00

XF xen-cve20131952-dos(83968) BID 59617 MLIST [oss-security] 20130502 Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges SECUNIA 53312 OSVDB 92984 Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.

cpe:/a:clamav:clamav:0.90.1 cpe:/a:clamav:clamav:0.96.4 cpe:/o:canonical:ubuntu_linux:13.04 cpe:/a:clamav:clamav:0.93.2 cpe:/a:clamav:clamav:0.91.1 cpe:/a:clamav:clamav:0.93.3 cpe:/a:clamav:clamav:0.95.3 cpe:/a:clamav:clamav:0.93.1 cpe:/a:clamav:clamav:0.96:rc2 cpe:/a:clamav:clamav:0.96.3 cpe:/a:clamav:clamav:0.90.2 cpe:/a:clamav:clamav:0.95:src1 cpe:/a:clamav:clamav:0.95 cpe:/a:clamav:clamav:0.96.1 cpe:/o:canonical:ubuntu_linux:11.10 cpe:/a:clamav:clamav:0.97.3 cpe:/a:clamav:clamav:0.92_p0 cpe:/a:clamav:clamav:0.96.2 cpe:/o:canonical:ubuntu_linux:12.04:-:lts cpe:/a:clamav:clamav:0.94.1 cpe:/a:clamav:clamav:0.90:rc3 cpe:/a:clamav:clamav:0.90.3 cpe:/a:clamav:clamav:0.91.2_p0 cpe:/o:canonical:ubuntu_linux:10.04:-:lts cpe:/a:clamav:clamav:0.97:rc cpe:/a:clamav:clamav:0.96.5 cpe:/a:clamav:clamav:0.95:rc1 cpe:/a:clamav:clamav:0.91.2 cpe:/a:clamav:clamav:0.97.5 cpe:/a:clamav:clamav:0.93 cpe:/a:clamav:clamav:0.90.3_p0 cpe:/a:clamav:clamav:0.97.1 cpe:/a:clamav:clamav:0.97 cpe:/a:clamav:clamav:0.94.2 cpe:/a:clamav:clamav:0.90:rc1.1 cpe:/a:clamav:clamav:0.95:rc2 cpe:/a:clamav:clamav:0.90.2_p0 cpe:/a:clamav:clamav:0.92 cpe:/a:clamav:clamav:0.91:rc1 cpe:/a:clamav:clamav:0.90 cpe:/a:clamav:clamav:0.96 cpe:/o:canonical:ubuntu_linux:12.10 cpe:/a:clamav:clamav:0.91 cpe:/a:clamav:clamav:0.90.3_p1 cpe:/a:clamav:clamav:0.97.4 cpe:/a:clamav:clamav:0.9:rc1 cpe:/a:clamav:clamav:0.95.1 cpe:/a:clamav:clamav:0.95.2 cpe:/a:clamav:clamav:0.90.1_p0 cpe:/a:clamav:clamav:0.92.1 cpe:/a:clamav:clamav:0.97.2 cpe:/a:clamav:clamav:0.91:rc2 cpe:/a:clamav:clamav:0.94 cpe:/a:clamav:clamav:0.90:rc1 cpe:/a:clamav:clamav:0.97.7 cpe:/a:clamav:clamav:0.96:rc1 cpe:/a:clamav:clamav:0.90:rc2 cpe:/a:clamav:clamav:0.95:src2

CVE-2013-2020

2013-05-13T19:55:02.243-04:00

2013-05-14T14:14:49.180-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2013-05-14T10:21:00.000-04:00

CONFIRM http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html CONFIRM https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375 CONFIRM https://bugzilla.clamav.net/show_bug.cgi?id=7055 UBUNTU USN-1816-1 BID 59434 MLIST [oss-security] 20130429 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? MLIST [oss-security] 20130424 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? MANDRIVA MDVSA-2013:159 SECUNIA 53182 SECUNIA 53150 Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

cpe:/o:canonical:ubuntu_linux:11.10 cpe:/o:canonical:ubuntu_linux:13.04 cpe:/a:clamav:clamav:0.97.7 cpe:/a:clamav:clamav:0.97.3 cpe:/a:clamav:clamav:0.97.2 cpe:/a:clamav:clamav:0.97.5 cpe:/o:canonical:ubuntu_linux:12.04:-:lts cpe:/a:clamav:clamav:0.97.1 cpe:/a:clamav:clamav:0.97.4 cpe:/a:clamav:clamav:0.97.6 cpe:/o:canonical:ubuntu_linux:10.04:-:lts cpe:/o:canonical:ubuntu_linux:12.10

CVE-2013-2021

2013-05-13T19:55:02.277-04:00

2013-05-14T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-14T10:14:00.000-04:00

CONFIRM https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971 CONFIRM https://bugzilla.clamav.net/show_bug.cgi?id=7053 UBUNTU USN-1816-1 BID 59434 MLIST [oss-security] 20130429 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? MLIST [oss-security] 20130424 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? MANDRIVA MDVSA-2013:159 SECUNIA 53182 SECUNIA 53150 CONFIRM http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

cpe:/o:linux:linux_kernel:3.8.8 cpe:/o:linux:linux_kernel:3.8.4 cpe:/o:linux:linux_kernel:3.8.0 cpe:/o:linux:linux_kernel:3.8.6 cpe:/o:linux:linux_kernel:3.8.1 cpe:/o:linux:linux_kernel:3.8.3 cpe:/o:linux:linux_kernel:3.8.7 cpe:/o:linux:linux_kernel:3.8.5 cpe:/o:linux:linux_kernel:3.8.2

CVE-2013-2094

2013-05-14T16:55:01.527-04:00

2013-05-14T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-14T19:31:00.000-04:00

MISC http://twitter.com/djrbliss/statuses/334301992648331267 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f CONFIRM https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=962792 MISC http://www.reddit.com/r/netsec/comments/1eb9iw MLIST [oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access CONFIRM http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 MISC http://packetstormsecurity.com/files/121616/semtex.c MISC http://news.ycombinator.com/item?id=5703758 MLIST [linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing MLIST [linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing MLIST [linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

cpe:/a:netweblogic:login_with_ajax:3.1 cpe:/a:netweblogic:login_with_ajax:3.0.1 cpe:/a:netweblogic:login_with_ajax:3.0.4 cpe:/a:netweblogic:login_with_ajax:2.1.5 cpe:/a:netweblogic:login_with_ajax:3.0.2 cpe:/a:netweblogic:login_with_ajax:2.21 cpe:/a:netweblogic:login_with_ajax:2.1.2 cpe:/a:netweblogic:login_with_ajax:2.1.1 cpe:/a:netweblogic:login_with_ajax:3.0 cpe:/a:netweblogic:login_with_ajax:2.1.4 cpe:/a:netweblogic:login_with_ajax:3.0.4.1 cpe:/a:netweblogic:login_with_ajax:3.0.3 cpe:/a:netweblogic:login_with_ajax:2.1 cpe:/a:netweblogic:login_with_ajax:2.2 cpe:/a:netweblogic:login_with_ajax:3.0b3 cpe:/a:netweblogic:login_with_ajax:3.0b cpe:/a:netweblogic:login_with_ajax:2.1.3

CVE-2013-2707

2013-05-10T07:42:30.303-04:00

2013-05-10T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-10T11:16:00.000-04:00

MISC http://wordpress.org/extend/plugins/login-with-ajax/changelog/ SECUNIA 52950 Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.

cpe:/a:adobe:acrobat:9.5.4 cpe:/a:adobe:acrobat:9.3.4:- cpe:/a:adobe:acrobat:10.1.3 cpe:/a:adobe:acrobat_reader:9.0 cpe:/a:adobe:acrobat_reader:10.1.3 cpe:/a:adobe:acrobat_reader:9.1.3 cpe:/a:adobe:acrobat:10.1 cpe:/a:adobe:acrobat:9.3.1:- cpe:/a:adobe:acrobat:9.4.2:- cpe:/a:adobe:acrobat:9.0:-:pro cpe:/a:adobe:acrobat:9.4.5:- cpe:/a:adobe:acrobat_reader:10.1.6 cpe:/a:adobe:acrobat_reader:11.0.1 cpe:/a:adobe:acrobat:10.0.1:-:pro cpe:/a:adobe:acrobat_reader:11.0 cpe:/a:adobe:acrobat:10.1.2 cpe:/a:adobe:acrobat_reader:10.1.4 cpe:/a:adobe:acrobat_reader:9.4.1 cpe:/a:adobe:acrobat:9.1.1:- cpe:/a:adobe:acrobat:9.1.3:- cpe:/a:adobe:acrobat:9.1.3 cpe:/a:adobe:acrobat:9.1:-:pro cpe:/a:adobe:acrobat_reader:9.1.2 cpe:/a:adobe:acrobat_reader:9.4.6 cpe:/a:adobe:acrobat_reader:10.0.2 cpe:/a:adobe:acrobat:10.1.5 cpe:/a:adobe:acrobat_reader:10.1.2 cpe:/a:adobe:acrobat:10.1.4 cpe:/a:adobe:acrobat_reader:9.4 cpe:/a:adobe:acrobat:9.4.1:- cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat_reader:9.5 cpe:/a:adobe:acrobat_reader:10.0 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:10.0.1 cpe:/a:adobe:acrobat:9.5.1 cpe:/a:adobe:acrobat_reader:10.1.1 cpe:/a:adobe:acrobat:10.0.1 cpe:/a:adobe:acrobat:9.3.3 cpe:/a:adobe:acrobat_reader:9.4.5 cpe:/a:adobe:acrobat:10.0 cpe:/a:adobe:acrobat_reader:9.5.4 cpe:/a:adobe:acrobat:9.3.1 cpe:/a:adobe:acrobat_reader:9.5.3 cpe:/a:adobe:acrobat:9.4.7 cpe:/a:adobe:acrobat:10.0:-:pro cpe:/a:adobe:acrobat:11.0 cpe:/a:adobe:acrobat_reader:10.1 cpe:/a:adobe:acrobat_reader:9.3.2 cpe:/a:adobe:acrobat:9.4.6 cpe:/a:adobe:acrobat:9.4.2 cpe:/a:adobe:acrobat:11.0.1 cpe:/a:adobe:acrobat:9.5.3 cpe:/a:adobe:acrobat_reader:10.0.3 cpe:/a:adobe:acrobat:9.1.2 cpe:/a:adobe:acrobat_reader:9.4.3 cpe:/a:adobe:acrobat:9.5.2 cpe:/a:adobe:acrobat:9.4.1 cpe:/a:adobe:acrobat:9.4.4:- cpe:/a:adobe:acrobat:9.4.6:- cpe:/a:adobe:acrobat:9.2:- cpe:/a:adobe:acrobat:9.3 cpe:/a:adobe:acrobat:9.3.2:- cpe:/a:adobe:acrobat_reader:9.3.1 cpe:/a:adobe:acrobat_reader:9.1.1 cpe:/a:adobe:acrobat_reader:9.4.2 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.2 cpe:/a:adobe:acrobat:9.4.4 cpe:/a:adobe:acrobat:9.1.1 cpe:/a:adobe:acrobat:9.4.3 cpe:/a:adobe:acrobat_reader:10.1.5 cpe:/a:adobe:acrobat:10.0.3 cpe:/a:adobe:acrobat:9.5 cpe:/a:adobe:acrobat_reader:9.5.1 cpe:/a:adobe:acrobat_reader:9.3.4 cpe:/a:adobe:acrobat:10.0.2 cpe:/a:adobe:acrobat:9.3.4 cpe:/a:adobe:acrobat_reader:9.3.3 cpe:/a:adobe:acrobat:11.0.2 cpe:/a:adobe:acrobat:10.1.1 cpe:/a:adobe:acrobat:9.4.5 cpe:/a:adobe:acrobat:9.3:-:pro cpe:/a:adobe:acrobat:10.1.6 cpe:/a:adobe:acrobat:9.3.2 cpe:/a:adobe:acrobat_reader:9.3 cpe:/a:adobe:acrobat_reader:11.0.2 cpe:/a:adobe:acrobat_reader:9.2 cpe:/a:adobe:acrobat:9.4 cpe:/a:adobe:acrobat_reader:9.4.4 cpe:/a:adobe:acrobat_reader:9.4.7 cpe:/a:adobe:acrobat_reader:9.5.2 cpe:/a:adobe:acrobat:9.4.3:-

CVE-2013-2718

2013-05-16T07:45:31.037-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:36:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2719

2013-05-16T07:45:31.060-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:43:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2720

2013-05-16T07:45:31.080-04:00

2013-05-16T10:57:29.960-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:56:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2721

2013-05-16T07:45:31.100-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:50:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2722

2013-05-16T07:45:31.120-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T10:51:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2723

2013-05-16T07:45:31.140-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:12:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2724

2013-05-16T07:45:31.160-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:16:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2013-2725

2013-05-16T07:45:31.180-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:17:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2726

2013-05-16T07:45:31.200-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T09:28:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2727

2013-05-16T07:45:31.220-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:20:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2729.

cpe:/a:adobe:flash_player:11.6.602.168 cpe:/a:adobe:adobe_air:3.5.0.600 cpe:/a:adobe:flash_player:10.3.183.48 cpe:/a:adobe:flash_player:7.0.53.0 cpe:/a:adobe:flash_player:11.1.102.62 cpe:/a:adobe:flash_player:10.3.183.61 cpe:/a:adobe:flash_player:11.3.300.273 cpe:/a:adobe:flash_player:10.3.183.5 cpe:/a:adobe:flash_player:10.3.183.15 cpe:/a:adobe:flash_player:6.0.21.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:adobe_air:3.1.0.4880 cpe:/a:adobe:flash_player:11.2.202.270 cpe:/a:adobe:adobe_air:3.5.0.880 cpe:/a:adobe:flash_player:11.5.502.110 cpe:/a:adobe:flash_player:11.4.402.265 cpe:/a:adobe:flash_player:11.2.202.275 cpe:/a:adobe:flash_player:10.3.183.67 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:11.1.115.54 cpe:/a:adobe:flash_player:9.0.262.0 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.0.61.0 cpe:/a:adobe:flash_player:11.2.202.223 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:10.3.183.19 cpe:/a:adobe:flash_player:11.5.502.149 cpe:/a:adobe:adobe_air_sdk:3.4.0.2710 cpe:/a:adobe:flash_player:9.0.125.0 cpe:/a:adobe:flash_player:10.3.181.23 cpe:/a:adobe:flash_player:10.3.183.16 cpe:/a:adobe:flash_player:11.2.202.258 cpe:/a:adobe:flash_player:11.6.602.171 cpe:/a:adobe:flash_player:7.0.73.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:11.1.115.34 cpe:/a:adobe:flash_player:10.0.15.3 cpe:/a:adobe:flash_player:11.1.111.44 cpe:/a:adobe:flash_player:9.0.260.0 cpe:/a:adobe:flash_player:10.3.183.29 cpe:/a:adobe:flash_player:10.1 cpe:/a:adobe:flash_player:10.2.154.25 cpe:/a:adobe:flash_player:11.6.602.180 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:6.0.79 cpe:/a:adobe:adobe_air_sdk:3.5.0.1060 cpe:/a:adobe:adobe_air:3.5.0.890 cpe:/a:adobe:flash_player:7.0.66.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:10.1.106.17 cpe:/a:adobe:flash_player:11.3.300.270 cpe:/a:adobe:flash_player:11.3.300.265 cpe:/a:adobe:flash_player:9.125.0 cpe:/a:adobe:flash_player:10.1.92.8 cpe:/a:adobe:flash_player:7.0.68.0 cpe:/a:adobe:flash_player:11.1.102.55 cpe:/a:adobe:flash_player:9.0.9.0 cpe:/a:adobe:adobe_air:3.2.0.207 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.42.0 cpe:/a:adobe:adobe_air_sdk:3.3.0.3690 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:10.3.183.63 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:adobe_air_sdk:3.1.0.488 cpe:/a:adobe:flash_player:9.0.151.0 cpe:/a:adobe:adobe_air_sdk:3.0.0.4080 cpe:/a:adobe:flash_player:10.2.156.12 cpe:/a:adobe:flash_player:10.1.52.14.1 cpe:/a:adobe:flash_player:10.3.183.18 cpe:/a:adobe:flash_player:10.3.183.68 cpe:/a:adobe:flash_player:10.0.22.87 cpe:/a:adobe:flash_player:9.0.155.0 cpe:/a:adobe:flash_player:9.0.18d60 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:10.1.102.64 cpe:/a:adobe:flash_player:10.2.152.32 cpe:/a:adobe:flash_player:11.5.502.135 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:9.0.152.0 cpe:/a:adobe:flash_player:11.1.111.8 cpe:/a:adobe:flash_player:11.2.202.261 cpe:/a:adobe:flash_player:11.7.700.169 cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:11.5.502.146 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:10.3.181.34 cpe:/a:adobe:flash_player:7.0.19.0 cpe:/a:adobe:flash_player:10.2.154.13 cpe:/a:adobe:flash_player:7.0.67.0 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:11.2.202.235 cpe:/a:adobe:adobe_air:3.4.0.2710 cpe:/a:adobe:flash_player:9.0.283.0 cpe:/a:adobe:flash_player:11.2.202.280 cpe:/a:adobe:adobe_air_sdk:3.5.0.890 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:7.0.60.0 cpe:/a:adobe:flash_player:10.3.181.16 cpe:/a:adobe:adobe_air:3.1.0.488 cpe:/a:adobe:adobe_air:3.0.0.408 cpe:/a:adobe:adobe_air:3.5.0.1060 cpe:/a:adobe:flash_player:11.2.202.236 cpe:/a:adobe:flash_player:10.2.157.51 cpe:/a:adobe:adobe_air:3.6.0.597 cpe:/a:adobe:flash_player:10.2.153.1 cpe:/a:adobe:flash_player:11.1.115.7 cpe:/a:adobe:flash_player:11.1 cpe:/a:adobe:adobe_air:3.6.0.6090 cpe:/a:adobe:flash_player:9.0.246.0 cpe:/a:adobe:adobe_air_sdk:3.7.0.1530 cpe:/a:adobe:flash_player:10.0.32.18 cpe:/a:adobe:flash_player:10.2.152.33 cpe:/a:adobe:flash_player:11.1.111.50 cpe:/a:adobe:adobe_air:3.3.0.3670 cpe:/a:adobe:flash_player:11.5.502.136 cpe:/a:adobe:flash_player:10.1.95.2 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:10.1.85.3 cpe:/a:adobe:flash_player:11.2.202.273 cpe:/a:adobe:flash_player:9.0.280 cpe:/a:adobe:flash_player:9.0 cpe:/a:adobe:flash_player:11.2.202.238 cpe:/a:adobe:adobe_air:3.0.0.4080 cpe:/a:adobe:flash_player:11.0.1.153 cpe:/a:adobe:flash_player:11.2.202.228 cpe:/a:adobe:adobe_air:3.2.0.2070 cpe:/a:adobe:flash_player:7.0.24.0 cpe:/a:adobe:flash_player:11.3.300.262 cpe:/a:adobe:flash_player:10.3.183.11 cpe:/a:adobe:flash_player:10.1.53.64 cpe:/a:adobe:flash_player:10.1.82.76 cpe:/a:adobe:flash_player:10.3.181.14 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:10.3.181.26 cpe:/a:adobe:flash_player:10.3.181.22 cpe:/a:adobe:flash_player:11.4.402.287 cpe:/a:adobe:flash_player:11.0.1.152 cpe:/a:adobe:flash_player:10.2.152.26 cpe:/a:adobe:flash_player:9.0.31 cpe:/a:adobe:flash_player:11.3.300.257 cpe:/a:adobe:flash_player:11.4.402.278 cpe:/a:adobe:flash_player:9.0.159.0 cpe:/a:adobe:flash_player:10.3.183.23 cpe:/a:adobe:adobe_air_sdk:3.6.0.599 cpe:/a:adobe:flash_player:10.3.183.43 cpe:/a:adobe:flash_player:10.1.52.15 cpe:/a:adobe:adobe_air:3.4.0.2540 cpe:/a:adobe:adobe_air_sdk:3.4.0.2540 cpe:/a:adobe:flash_player:10.2.159.1 cpe:/a:adobe:flash_player:10.3.183.20 cpe:/a:adobe:flash_player:9.0.277.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:10.2.152 cpe:/a:adobe:flash_player:11.2.202.233 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:10.1.52.14 cpe:/a:adobe:flash_player:11.1.115.48 cpe:/a:adobe:flash_player:10.0.42.34 cpe:/a:adobe:flash_player:8.0.22.0 cpe:/a:adobe:flash_player:8.0.33.0 cpe:/a:adobe:flash_player:10.3.183.7 cpe:/a:adobe:flash_player:11.0 cpe:/a:adobe:flash_player:10.3.183.25 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:adobe_air_sdk:3.5.0.600 cpe:/a:adobe:flash_player:10.1.105.6 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:11.1.102.59 cpe:/a:adobe:flash_player:11.3.300.271 cpe:/a:adobe:flash_player:11.2.202.262 cpe:/a:adobe:flash_player:10.1.92.10 cpe:/a:adobe:flash_player:7.0.14.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:adobe_air_sdk:3.3.0.3650 cpe:/a:adobe:flash_player:11.1.102.63 cpe:/a:adobe:flash_player:11.6.602.167 cpe:/a:adobe:adobe_air:3.7.0.1530 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:10.3.183.10 cpe:/a:adobe:flash_player:11.2.202.251 cpe:/a:adobe:flash_player:10.3.183.50 cpe:/a:adobe:flash_player:11.3.300.268 cpe:/a:adobe:flash_player:10.0.2.54 cpe:/a:adobe:flash_player:10.1.106.16 cpe:/a:adobe:flash_player:9.0.8.0 cpe:/a:adobe:flash_player:10.3.183.75 cpe:/a:adobe:adobe_air:3.1.0.485 cpe:/a:adobe:adobe_air_sdk:3.2.0.2070 cpe:/a:adobe:adobe_air_sdk:3.6.0.6090 cpe:/a:adobe:flash_player:11.2.202.243 cpe:/a:adobe:flash_player:10.0.45.2 cpe:/a:adobe:adobe_air_sdk:3.5.0.880 cpe:/a:adobe:flash_player:10.3.183.51 cpe:/a:adobe:flash_player:10.1.95.1

CVE-2013-2728

2013-05-16T07:45:31.240-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:27:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-2729

2013-05-16T07:45:31.263-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:23:00.000-04:00

CVE-2013-2730

2013-05-16T07:45:31.287-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T11:29:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.

CVE-2013-2731

2013-05-16T07:45:31.313-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:26:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2732

2013-05-16T07:45:31.373-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:29:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2733

2013-05-16T07:45:31.393-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:31:00.000-04:00

CVE-2013-2734

2013-05-16T07:45:31.413-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:34:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2735

2013-05-16T07:45:31.437-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:35:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2736

2013-05-16T07:45:31.453-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:38:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2737

2013-05-16T07:45:31.477-04:00

2013-05-16T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-16T12:38:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-15.html A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors.

cpe:/a:ibm:lotus_notes:8.5.3.4 cpe:/a:ibm:lotus_notes:8.5.2.3 cpe:/a:ibm:lotus_notes:8.5.1.3 cpe:/a:ibm:lotus_notes:8.5.1.5 cpe:/a:ibm:lotus_notes:8.5.3.2 cpe:/a:ibm:lotus_notes:8.5.1 cpe:/a:ibm:lotus_notes:8.5.1.0 cpe:/a:ibm:lotus_notes:8.5.3.1 cpe:/a:ibm:lotus_notes:8.5.0.0 cpe:/a:ibm:lotus_notes:8.5.1.2 cpe:/a:ibm:lotus_notes:8.5.0.1 cpe:/a:ibm:lotus_notes:8.5.3 cpe:/a:ibm:lotus_notes:8.5.3.3 cpe:/a:ibm:lotus_notes:8.5.1.1 cpe:/a:ibm:lotus_notes:9.0.0.0 cpe:/a:ibm:lotus_notes:8.5.2.2 cpe:/a:ibm:lotus_notes:8.5.2.0 cpe:/a:ibm:lotus_notes:8.5 cpe:/a:ibm:lotus_notes:8.5.2.1 cpe:/a:ibm:lotus_notes:8.5.1.4

CVE-2013-2977

2013-05-10T07:42:30.323-04:00

2013-05-10T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2013-05-10T11:13:00.000-04:00

XF ibm-notes-cve20132977-bo(83967) CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21635878 Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.

cpe:/a:wppa.opajaap:wp-photo-album-plus:5.0.2 cpe:/a:wppa.opajaap:wp-photo-album-plus:5.0.1 cpe:/a:wppa.opajaap:wp-photo-album-plus:5.0.0

CVE-2013-3254

2013-05-10T07:42:30.347-04:00

2013-05-10T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2013-05-10T11:53:00.000-04:00

CONFIRM http://wordpress.org/extend/plugins/wp-photo-album-plus/changelog/ SECUNIA 53105 Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action.

CVE-2013-3324

2013-05-16T07:45:31.497-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:45:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3325

2013-05-16T07:45:31.517-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:44:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3326

2013-05-16T07:45:31.537-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:49:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3327

2013-05-16T07:45:31.560-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:49:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3328

2013-05-16T07:45:31.580-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T13:08:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3329

2013-05-16T07:45:31.600-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T12:57:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3330

2013-05-16T07:45:31.623-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T13:01:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3331

2013-05-16T07:45:31.643-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T13:03:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

CVE-2013-3332

2013-05-16T07:45:31.673-04:00

2013-05-16T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2013-05-16T13:05:00.000-04:00

CONFIRM http://www.adobe.com/support/security/bulletins/apsb13-14.html Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.