Vulnerabilities (CVE)

Filtered by CWE-20
Total 11618 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4314 2 Canonical, Jean-paul Calderone 2 Ubuntu Linux, Pyopenssl 2026-06-16 4.3 MEDIUM N/A
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2013-4286 1 Apache 1 Tomcat 2026-06-16 5.8 MEDIUM N/A
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CVE-2013-4283 1 Fedoraproject 1 389 Directory Server 2026-06-16 5.0 MEDIUM N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-4270 1 Linux 1 Linux Kernel 2026-06-16 3.6 LOW N/A
The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.
CVE-2013-4255 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2026-06-16 3.5 LOW N/A
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
CVE-2013-4254 1 Linux 1 Linux Kernel 2026-06-16 6.9 MEDIUM N/A
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
CVE-2013-4250 1 Typo3 1 Typo3 2026-06-16 6.5 MEDIUM N/A
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
CVE-2013-4248 3 Canonical, Php, Redhat 3 Ubuntu Linux, Php, Enterprise Linux 2026-06-16 4.3 MEDIUM N/A
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4245 2 Debian, Gnome 2 Debian Linux, Orca 2026-06-16 4.4 MEDIUM 7.3 HIGH
Orca has arbitrary code execution due to insecure Python module load
CVE-2013-4238 3 Canonical, Opensuse, Python 3 Ubuntu Linux, Opensuse, Python 2026-06-16 4.3 MEDIUM N/A
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4199 1 Plone 1 Plone 2026-06-16 3.5 LOW N/A
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
CVE-2013-4197 1 Plone 1 Plone 2026-06-16 5.5 MEDIUM N/A
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
CVE-2013-4195 1 Plone 1 Plone 2026-06-16 5.8 MEDIUM N/A
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-4192 1 Plone 1 Plone 2026-06-16 4.0 MEDIUM N/A
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
CVE-2013-4180 2 Redhat, Theforeman 2 Openstack, Foreman 2026-06-16 5.0 MEDIUM N/A
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-4129 1 Linux 1 Linux Kernel 2026-06-16 4.7 MEDIUM N/A
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
CVE-2013-4123 2 Opensuse, Squid-cache 2 Opensuse, Squid 2026-06-16 5.0 MEDIUM N/A
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
CVE-2013-4111 2 Openstack, Opensuse 2 Python Glanceclient, Opensuse 2026-06-16 5.8 MEDIUM N/A
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-4103 1 Cryptocat Project 1 Cryptocat 2026-06-16 7.5 HIGH 9.8 CRITICAL
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
CVE-2013-4101 1 Cryptocat Project 1 Cryptocat 2026-06-16 5.0 MEDIUM 5.3 MEDIUM
Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness