Vulnerabilities (CVE)

Filtered by CWE-20
Total 11573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4494 2 Debian, Xen 2 Debian Linux, Xen 2026-06-16 5.2 MEDIUM N/A
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
CVE-2013-4485 2 Fedoraproject, Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2026-06-16 4.0 MEDIUM N/A
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
CVE-2013-4474 2 Canonical, Freedesktop 2 Ubuntu Linux, Poppler 2026-06-16 5.0 MEDIUM N/A
Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.
CVE-2013-4450 1 Nodejs 1 Nodejs 2026-06-16 5.0 MEDIUM N/A
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
CVE-2013-4436 1 Saltstack 1 Salt 2026-06-16 9.3 HIGH N/A
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.
CVE-2013-4427 1 Leon Weber 1 Pyxtrlock 2026-06-16 2.1 LOW N/A
pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen via unspecified vectors.
CVE-2013-4409 3 Fedoraproject, Redhat, Reviewboard 4 Fedora, Enterprise Linux, Djblets and 1 more 2026-06-16 7.5 HIGH 9.8 CRITICAL
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
CVE-2013-4402 2 Canonical, Gnupg 2 Ubuntu Linux, Gnupg 2026-06-16 5.0 MEDIUM N/A
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
CVE-2013-4390 1 Apache 2 Sling, Sling Auth Core Component 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
CVE-2013-4373 1 Redhat 1 Jboss Operations Network 2026-06-16 3.2 LOW N/A
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.
CVE-2013-4366 1 Apache 1 Httpclient 2026-06-16 7.5 HIGH 9.8 CRITICAL
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
CVE-2013-4354 1 Openstack 1 Image Registry And Delivery Service \(glance\) 2026-06-16 2.1 LOW N/A
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
CVE-2013-4353 1 Openssl 1 Openssl 2026-06-16 4.3 MEDIUM N/A
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
CVE-2013-4339 1 Wordpress 1 Wordpress 2026-06-16 7.5 HIGH N/A
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
CVE-2013-4322 1 Apache 1 Tomcat 2026-06-16 4.3 MEDIUM N/A
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CVE-2013-4314 2 Canonical, Jean-paul Calderone 2 Ubuntu Linux, Pyopenssl 2026-06-16 4.3 MEDIUM N/A
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2013-4286 1 Apache 1 Tomcat 2026-06-16 5.8 MEDIUM N/A
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CVE-2013-4283 1 Fedoraproject 1 389 Directory Server 2026-06-16 5.0 MEDIUM N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-4270 1 Linux 1 Linux Kernel 2026-06-16 3.6 LOW N/A
The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.
CVE-2013-4255 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2026-06-16 3.5 LOW N/A
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.