The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.
Max CVSS
7.5
EPSS Score
0.38%
Published
2013-02-27
Updated
2018-10-30
The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.
Max CVSS
7.5
EPSS Score
0.18%
Published
2013-02-27
Updated
2018-10-30
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."
Max CVSS
7.5
EPSS Score
0.12%
Published
2013-02-23
Updated
2017-09-19
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
Max CVSS
6.2
EPSS Score
0.07%
Published
2013-02-28
Updated
2023-02-13
Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.
Max CVSS
6.2
EPSS Score
0.04%
Published
2013-02-28
Updated
2023-02-13
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
Max CVSS
7.2
EPSS Score
0.06%
Published
2013-02-28
Updated
2023-11-01
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.
Max CVSS
7.6
EPSS Score
0.13%
Published
2013-02-22
Updated
2013-02-25
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
Max CVSS
6.8
EPSS Score
0.16%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.
Max CVSS
9.3
EPSS Score
91.42%
Published
2013-02-08
Updated
2013-03-08
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.
Max CVSS
9.3
EPSS Score
5.46%
Published
2013-02-08
Updated
2013-03-08
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Max CVSS
10.0
EPSS Score
1.45%
Published
2013-02-20
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Max CVSS
10.0
EPSS Score
1.75%
Published
2013-02-20
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Max CVSS
10.0
EPSS Score
3.52%
Published
2013-02-20
Updated
2017-09-19
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Max CVSS
10.0
EPSS Score
1.24%
Published
2013-02-02
Updated
2017-09-19
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Max CVSS
10.0
EPSS Score
1.24%
Published
2013-02-02
Updated
2017-09-19
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Max CVSS
10.0
EPSS Score
5.15%
Published
2013-02-02
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Max CVSS
10.0
EPSS Score
7.76%
Published
2013-02-02
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
10.0
EPSS Score
3.08%
Published
2013-02-02
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Max CVSS
10.0
EPSS Score
9.33%
Published
2013-02-02
Updated
2022-05-13
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Max CVSS
10.0
EPSS Score
1.24%
Published
2013-02-02
Updated
2017-09-19
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Max CVSS
10.0
EPSS Score
5.92%
Published
2013-02-02
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Max CVSS
10.0
EPSS Score
4.75%
Published
2013-02-02
Updated
2022-05-13
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Max CVSS
9.3
EPSS Score
1.18%
Published
2013-02-02
Updated
2017-09-19
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Max CVSS
10.0
EPSS Score
1.24%
Published
2013-02-02
Updated
2017-09-19
The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.
Max CVSS
9.8
EPSS Score
30.19%
Published
2013-02-08
Updated
2024-01-09
203 vulnerabilities found
1 2 3 4 5 6 7 8 9
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!