Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-08-14 | CVE-2013-3181 | Buffer Errors vulnerability in Microsoft Windows Server 2003 and Windows XP usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." | 9.3 |
2013-08-09 | CVE-2013-4031 | Credentials Management vulnerability in IBM products The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers has a default password for the IPMI user account, which makes it easier for remote attackers to perform power-on, power-off, or reboot actions, or add or modify accounts, via unspecified vectors. | 10.0 |
2013-08-09 | CVE-2013-2577 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file. | 9.3 |
2013-08-09 | CVE-2013-3480 | Numeric Errors vulnerability in Sagelighteditor Sagelight 4.4 Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow. | 9.3 |
2013-08-09 | CVE-2013-3027 | Numeric Errors vulnerability in IBM Lotus Domino 9.0.0.0 Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW. | 9.3 |
2013-08-08 | CVE-2013-3454 | Credentials Management vulnerability in Cisco products Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X00, 30X0, and 3X00 devices, and 6.0.3 and earlier on TX 9X00 devices, has a default password for the pwrecovery account, which makes it easier for remote attackers to modify the configuration or perform arbitrary actions via HTTPS requests, aka Bug ID CSCui43128. | 10.0 |
2013-08-07 | CVE-2013-1710 | Improper Input Validation vulnerability in Mozilla products The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. | 10.0 |
2013-08-07 | CVE-2013-1705 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. | 10.0 |
2013-08-07 | CVE-2013-1704 | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. | 9.3 |
2013-08-07 | CVE-2013-1702 | Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/Seamonkey Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |