Vulnerabilities (CVE)

Filtered by CWE-20
Total 11574 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5385 1 Ibm 2 I, Z\/os 2026-06-16 8.5 HIGH N/A
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-5350 1 Tejimaya 1 Openpne 2026-06-16 7.5 HIGH N/A
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
CVE-2013-5220 1 Hot 2 Hotbox Router, Hotbox Router Firmware 2026-06-16 6.1 MEDIUM N/A
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
CVE-2013-5211 3 Ntp, Opensuse, Oracle 3 Ntp, Opensuse, Linux 2026-06-16 5.0 MEDIUM N/A
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
CVE-2013-5192 1 Apple 1 Mac Os X 2026-06-16 4.9 MEDIUM N/A
The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.
CVE-2013-5175 1 Apple 1 Mac Os X 2026-06-16 6.6 MEDIUM N/A
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.
CVE-2013-5168 1 Apple 1 Mac Os X 2026-06-16 6.8 MEDIUM N/A
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.
CVE-2013-5155 1 Apple 1 Iphone Os 2026-06-16 7.1 HIGH N/A
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
CVE-2013-5152 1 Apple 1 Iphone Os 2026-06-16 4.3 MEDIUM N/A
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
CVE-2013-5140 1 Apple 1 Iphone Os 2026-06-16 7.8 HIGH N/A
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
CVE-2013-5106 1 Python-mode Project 1 Python-mode 2026-06-16 6.8 MEDIUM 8.8 HIGH
A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19.
CVE-2013-5046 1 Microsoft 1 Internet Explorer 2026-06-16 6.2 MEDIUM N/A
Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2013-5045 1 Microsoft 1 Internet Explorer 2026-06-16 6.2 MEDIUM N/A
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2013-5029 2 Opensuse, Phpmyadmin 2 Opensuse, Phpmyadmin 2026-06-16 4.3 MEDIUM N/A
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
CVE-2013-4955 1 Puppet 1 Puppet Enterprise 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
CVE-2013-4932 1 Wireshark 1 Wireshark 2026-06-16 5.0 MEDIUM N/A
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-4930 1 Wireshark 1 Wireshark 2026-06-16 5.0 MEDIUM N/A
The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
CVE-2013-4926 1 Wireshark 1 Wireshark 2026-06-16 5.0 MEDIUM N/A
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-4924 1 Wireshark 1 Wireshark 2026-06-16 5.0 MEDIUM N/A
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
CVE-2013-4912 1 Siemens 1 Wincc 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.