LiveActive security incident?Get immediate response
CVE archive

May 2013

Browse CVE records published in May 2013, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 500 matching CVEs · Page 1 of 10.

Medium · CVSS 6.5 · CISA KEV

CVE-2013-1675: Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR...

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Published May 16, 2013 · Updated Oct 22, 2025

High · CVSS 7.8 · CISA KEV

CVE-2013-3660: The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 a...

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."

Published May 24, 2013 · Updated Oct 22, 2025

Medium · CVSS 4.8

CVE-2013-10001: HTC One/Sense Mail Client certificate validation

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

Published May 17, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.5

CVE-2013-10002: Telecommunication Software SAMwin Contact Center Suite Credential SAMwinLIBVB.dll getCurrentDBVersion hard-coded credentials

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

Published May 24, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.5

CVE-2013-10003: Telecommunication Software SAMwin Contact Center Suite Database SAMwinLIBVB.dll getCurrentDBVersion sql injection

A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

Published May 24, 2022 · Updated Apr 15, 2025

Medium · CVSS 6.5

CVE-2013-10004: Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

Published May 24, 2022 · Updated Apr 15, 2025

High · CVSS 7.5

CVE-2013-3735: The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parse...

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.

Published May 31, 2013 · Updated Jan 16, 2025

Unknown · CVSS Not scored

CVE-2013-3666: The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to...

The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button.

Published May 29, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-1208: The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor...

The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691.

Published May 29, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-1245: The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Nam...

The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.

Published May 16, 2013 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-7376: Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710,...

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.

Published May 14, 2014 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2013-0941: EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent...

EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

Published May 22, 2013 · Updated Sep 17, 2024