Total: 11573 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4254 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 6.9 MEDIUM | N/A |
| The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. | |||||
| CVE-2013-4250 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 6.5 MEDIUM | N/A |
| The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file. | |||||
| CVE-2013-4248 | 3 Canonical, Php, Redhat | 3 Ubuntu Linux, Php, Enterprise Linux | 2026-06-16 | 4.3 MEDIUM | N/A |
| The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2026-06-16 | 4.4 MEDIUM | 7.3 HIGH |
| Orca has arbitrary code execution due to insecure Python module load | |||||
| CVE-2013-4238 | 3 Canonical, Opensuse, Python | 3 Ubuntu Linux, Opensuse, Python | 2026-06-16 | 4.3 MEDIUM | N/A |
| The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2013-4199 | 1 Plone | 1 Plone | 2026-06-16 | 3.5 LOW | N/A |
| (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed). | |||||
| CVE-2013-4197 | 1 Plone | 1 Plone | 2026-06-16 | 5.5 MEDIUM | N/A |
| member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | |||||
| CVE-2013-4195 | 1 Plone | 1 Plone | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-4192 | 1 Plone | 1 Plone | 2026-06-16 | 4.0 MEDIUM | N/A |
| sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors. | |||||
| CVE-2013-4180 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2026-06-16 | 5.0 MEDIUM | N/A |
| The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | |||||
| CVE-2013-4129 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 4.7 MEDIUM | N/A |
| The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c. | |||||
| CVE-2013-4123 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2026-06-16 | 5.0 MEDIUM | N/A |
| client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header. | |||||
| CVE-2013-4111 | 2 Openstack, Opensuse | 2 Python Glanceclient, Opensuse | 2026-06-16 | 5.8 MEDIUM | N/A |
| The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-4103 | 1 Cryptocat Project | 1 Cryptocat | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input | |||||
| CVE-2013-4101 | 1 Cryptocat Project | 1 Cryptocat | 2026-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness | |||||
| CVE-2013-4100 | 1 Cryptocat Project | 1 Cryptocat | 2026-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Cryptocat before 2.0.22 has Remote Denial of Service via username | |||||
| CVE-2013-4098 | 1 Ds3 | 1 Authentication Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary error-page text via the message parameter. | |||||
| CVE-2013-4096 | 1 Ds3 | 1 Authentication Server | 2026-06-16 | 9.0 HIGH | N/A |
| ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field. | |||||
| CVE-2013-4095 | 1 Imperva | 1 Securesphere | 2026-06-16 | 6.5 MEDIUM | N/A |
| plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field. | |||||
| CVE-2013-4094 | 1 Imperva | 1 Securesphere | 2026-06-16 | 6.5 MEDIUM | N/A |
| The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script. | |||||
