Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-11 | CVE-2013-3157 | Buffer Errors vulnerability in Microsoft Access 2007/2010/2013 Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155. | 9.3 |
2013-09-11 | CVE-2013-3156 | Buffer Errors vulnerability in Microsoft Access 2007/2010/2013 Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability." | 9.3 |
2013-09-11 | CVE-2013-3155 | Buffer Errors vulnerability in Microsoft Access 2007/2010/2013 Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157. | 9.3 |
2013-09-11 | CVE-2013-1330 | Improper Input Validation vulnerability in Microsoft products The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability." | 10.0 |
2013-09-10 | CVE-2013-3934 | Buffer Errors vulnerability in Kingsoft Office 2012 and Writer 2012 Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file. | 9.3 |
2013-09-10 | CVE-2013-4983 | OS Command Injection vulnerability in Sophos web Appliance Firmware The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | 10.0 |
2013-09-10 | CVE-2013-3658 | Path Traversal vulnerability in VMWare ESX and Esxi Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors. | 9.4 |
2013-09-09 | CVE-2013-5715 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gomlab GOM Player Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has unspecified impact and attack vectors. | 10.0 |
2013-09-09 | CVE-2013-2803 | Cryptographic Issues vulnerability in Prosoft-Technology Radiolinx Controlscape 6.00 ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.3 |
2013-09-08 | CVE-2013-3609 | Improper Input Validation vulnerability in Supermicro products The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices relies on JavaScript code on the client for authorization checks, which allows remote authenticated users to bypass intended access restrictions via a crafted request, related to the PrivilegeCallBack function. | 10.0 |