Vulnerabilities (CVE)

Filtered by CWE-20
Total 11573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4254 1 Linux 1 Linux Kernel 2026-06-16 6.9 MEDIUM N/A
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
CVE-2013-4250 1 Typo3 1 Typo3 2026-06-16 6.5 MEDIUM N/A
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
CVE-2013-4248 3 Canonical, Php, Redhat 3 Ubuntu Linux, Php, Enterprise Linux 2026-06-16 4.3 MEDIUM N/A
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4245 2 Debian, Gnome 2 Debian Linux, Orca 2026-06-16 4.4 MEDIUM 7.3 HIGH
Orca has arbitrary code execution due to insecure Python module load
CVE-2013-4238 3 Canonical, Opensuse, Python 3 Ubuntu Linux, Opensuse, Python 2026-06-16 4.3 MEDIUM N/A
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4199 1 Plone 1 Plone 2026-06-16 3.5 LOW N/A
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
CVE-2013-4197 1 Plone 1 Plone 2026-06-16 5.5 MEDIUM N/A
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
CVE-2013-4195 1 Plone 1 Plone 2026-06-16 5.8 MEDIUM N/A
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-4192 1 Plone 1 Plone 2026-06-16 4.0 MEDIUM N/A
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
CVE-2013-4180 2 Redhat, Theforeman 2 Openstack, Foreman 2026-06-16 5.0 MEDIUM N/A
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-4129 1 Linux 1 Linux Kernel 2026-06-16 4.7 MEDIUM N/A
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
CVE-2013-4123 2 Opensuse, Squid-cache 2 Opensuse, Squid 2026-06-16 5.0 MEDIUM N/A
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
CVE-2013-4111 2 Openstack, Opensuse 2 Python Glanceclient, Opensuse 2026-06-16 5.8 MEDIUM N/A
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-4103 1 Cryptocat Project 1 Cryptocat 2026-06-16 7.5 HIGH 9.8 CRITICAL
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
CVE-2013-4101 1 Cryptocat Project 1 Cryptocat 2026-06-16 5.0 MEDIUM 5.3 MEDIUM
Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness
CVE-2013-4100 1 Cryptocat Project 1 Cryptocat 2026-06-16 5.0 MEDIUM 7.5 HIGH
Cryptocat before 2.0.22 has Remote Denial of Service via username
CVE-2013-4098 1 Ds3 1 Authentication Server 2026-06-16 5.0 MEDIUM N/A
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter.
CVE-2013-4096 1 Ds3 1 Authentication Server 2026-06-16 9.0 HIGH N/A
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.
CVE-2013-4095 1 Imperva 1 Securesphere 2026-06-16 6.5 MEDIUM N/A
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
CVE-2013-4094 1 Imperva 1 Securesphere 2026-06-16 6.5 MEDIUM N/A
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.