CVSS: 9.3EPSS: 37%CPEs: 14EXPL: 0CVE-2013-5056
https://notcve.org/view.php?id=CVE-2013-5056
11 Dec 2013 — Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-099 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 2%CPEs: 14EXPL: 2CVE-2013-5058 – Microsoft Windows Kernel - 'win32k.sys' Integer Overflow (MS13-101)
https://notcve.org/view.php?id=CVE-2013-5058
11 Dec 2013 — Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." Desbordamiento de enteros en los controladores en modo kernel de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y... • https://packetstorm.news/files/id/124403 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.4EPSS: 2%CPEs: 15EXPL: 0CVE-2013-3876
https://notcve.org/view.php?id=CVE-2013-3876
16 Nov 2013 — DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate. DirectAccess en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, W... • http://technet.microsoft.com/security/advisory/2862152 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 67%CPEs: 14EXPL: 0CVE-2013-3940
https://notcve.org/view.php?id=CVE-2013-3940
13 Nov 2013 — Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Ove... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0CVE-2013-3869
https://notcve.org/view.php?id=CVE-2013-3869
13 Nov 2013 — Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Win... • http://www.us-cert.gov/ncas/alerts/TA13-317A • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 84%CPEs: 14EXPL: 2CVE-2013-3918 – Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)
https://notcve.org/view.php?id=CVE-2013-3918
12 Nov 2013 — The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCard... • https://packetstorm.news/files/id/124183 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 52%CPEs: 48EXPL: 0CVE-2013-3128 – Microsoft Windows OpenType Font Parsing Persistent Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-3128
09 Oct 2013 — The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability." Los drivers kernel-mode en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 S... • http://www.us-cert.gov/ncas/alerts/TA13-288A •
CVSS: 7.8EPSS: 4%CPEs: 11EXPL: 5CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
31 Jul 2013 — The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y No... • https://www.exploit-db.com/exploits/27191 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
31 Jul 2013 — Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y ... • http://pastebin.com/RcS2Bucg • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 83%CPEs: 20EXPL: 1CVE-2013-3163 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2013-3163
10 Jul 2013 — Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151. Microsoft Internet Explorer 8 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web malicioso, también conocido como "Internet Explo... • https://www.exploit-db.com/exploits/28187 • CWE-787: Out-of-bounds Write •