Total
3087 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0986 | 2 Apple, Microsoft | 5 Mac Os X, Quicktime, Windows 7 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. | |||||
CVE-2013-1334 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2024-02-28 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." | |||||
CVE-2012-0180 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." | |||||
CVE-2013-1019 | 2 Apple, Microsoft | 5 Iphone Os, Quicktime, Windows 7 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | |||||
CVE-2013-0988 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file. | |||||
CVE-2012-1880 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability." | |||||
CVE-2013-1271 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 4.9 MEDIUM | N/A |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | |||||
CVE-2013-0089 | 1 Microsoft | 9 Internet Explorer, Windows 7, Windows 8 and 6 more | 2024-02-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability." | |||||
CVE-2012-1895 | 1 Microsoft | 6 .net Framework, Windows 7, Windows Server 2003 and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." | |||||
CVE-2013-0992 | 2 Apple, Microsoft | 4 Itunes, Windows 7, Windows Vista and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
CVE-2013-1005 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
CVE-2013-2554 | 1 Microsoft | 1 Windows 7 | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787. | |||||
CVE-2012-0178 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-02-28 | 7.2 HIGH | N/A |
Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability." | |||||
CVE-2013-1265 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 4.9 MEDIUM | N/A |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | |||||
CVE-2012-1528 | 1 Microsoft | 7 Windows 7, Windows 8, Windows Server 2003 and 4 more | 2024-02-28 | 9.3 HIGH | N/A |
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability." | |||||
CVE-2012-1539 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability." | |||||
CVE-2013-3174 | 1 Microsoft | 7 Windows 7, Windows 8, Windows Server 2003 and 4 more | 2024-02-28 | 9.3 HIGH | N/A |
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability." | |||||
CVE-2013-1287 | 1 Microsoft | 7 Windows 7, Windows 8, Windows Server 2003 and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286. | |||||
CVE-2013-0073 | 1 Microsoft | 8 .net Framework, Windows 7, Windows 8 and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." | |||||
CVE-2013-0024 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." |