Vulnerabilities (CVE)

Filtered by CWE-20
Total 11574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5523 1 Cisco 1 Identity Services Engine Software 2026-06-16 4.3 MEDIUM N/A
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
CVE-2013-5508 1 Cisco 2 Adaptive Security Appliance Software, Firewall Services Module Software 2026-06-16 7.1 HIGH N/A
The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate (TNS) packets, aka Bug ID CSCub98434.
CVE-2013-5498 1 Cisco 1 Ios Xr 2026-06-16 5.0 MEDIUM N/A
The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963.
CVE-2013-5496 1 Cisco 1 Nx-os 2026-06-16 6.3 MEDIUM N/A
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
CVE-2013-5493 1 Cisco 2 Virtualization Experience Client 6000, Virtualization Experience Client 6000 Series Firmware 2026-06-16 6.8 MEDIUM N/A
The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407.
CVE-2013-5488 1 Cisco 4 Prime Lan Management Solution, Security Manager, Unified Operations Manager and 1 more 2026-06-16 5.0 MEDIUM N/A
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
CVE-2013-5481 1 Cisco 1 Ios 2026-06-16 7.1 HIGH N/A
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
CVE-2013-5480 1 Cisco 1 Ios 2026-06-16 7.8 HIGH N/A
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
CVE-2013-5479 1 Cisco 1 Ios 2026-06-16 7.8 HIGH N/A
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
CVE-2013-5478 1 Cisco 2 Ios, Ios Xe 2026-06-16 7.8 HIGH N/A
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
CVE-2013-5477 1 Cisco 1 Ios 2026-06-16 7.8 HIGH N/A
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
CVE-2013-5476 1 Cisco 1 Ios 2026-06-16 7.8 HIGH N/A
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.
CVE-2013-5475 1 Cisco 2 Ios, Ios Xe 2026-06-16 7.8 HIGH N/A
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.
CVE-2013-5472 1 Cisco 2 Ios, Ios Xe 2026-06-16 7.1 HIGH N/A
The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.
CVE-2013-5470 1 Cisco 1 Secure Access Control System 2026-06-16 5.0 MEDIUM N/A
Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488.
CVE-2013-5462 1 Ibm 1 Content Navigator 2026-06-16 4.3 MEDIUM N/A
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.
CVE-2013-5431 1 Ibm 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-5411 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-06-16 4.3 MEDIUM N/A
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors.
CVE-2013-5407 1 Ibm 2 Sterling B2b Integrator, Sterling File Gateway 2026-06-16 4.9 MEDIUM N/A
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.
CVE-2013-5394 1 Ibm 1 Websphere Extreme Scale 2026-06-16 4.9 MEDIUM N/A
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.