Vulnerabilities (CVE)

Filtered by CWE-20
Total 11571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3376 1 Cisco 1 Video Surveillance Operations Manager 2026-06-16 4.3 MEDIUM N/A
Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490.
CVE-2013-3342 1 Adobe 2 Acrobat, Acrobat Reader 2026-06-16 10.0 HIGH N/A
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
CVE-2013-3299 1 Realnetworks 1 Realplayer 2026-06-16 4.3 MEDIUM N/A
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
CVE-2013-3277 1 Emc 1 Rsa Archer Egrc 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-3275 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2026-06-16 4.3 MEDIUM N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
CVE-2013-3266 1 Freebsd 1 Freebsd 2026-06-16 7.5 HIGH N/A
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.
CVE-2013-3242 1 Joomla 1 Joomla\! 2026-06-16 5.5 MEDIUM N/A
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
CVE-2013-3221 1 Rubyonrails 2 Rails, Ruby On Rails 2026-06-16 6.4 MEDIUM N/A
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.
CVE-2013-3159 1 Microsoft 1 Excel 2026-06-16 4.3 MEDIUM N/A
Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."
CVE-2013-3045 1 Ibm 1 Lotus Sametime 2026-06-16 3.5 LOW N/A
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function.
CVE-2013-3036 1 Ibm 1 Rational Requirements Composer 2026-06-16 4.9 MEDIUM N/A
Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVE-2013-3035 1 Ibm 2 Aix, Vios 2026-06-16 7.1 HIGH N/A
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
CVE-2013-3030 1 Ibm 1 Cognos Business Intelligence 2026-06-16 5.0 MEDIUM N/A
The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests.
CVE-2013-2994 1 Ibm 1 Websphere Commerce 2026-06-16 6.4 MEDIUM N/A
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
CVE-2013-2992 1 Ibm 1 Websphere Commerce 2026-06-16 4.3 MEDIUM N/A
The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query.
CVE-2013-2961 1 Ibm 2 Application Manager For Smart Business, Tivoli Monitoring 2026-06-16 4.3 MEDIUM N/A
The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
CVE-2013-2898 1 Linux 1 Linux Kernel 2026-06-16 1.9 LOW N/A
drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.
CVE-2013-2897 1 Linux 1 Linux Kernel 2026-06-16 4.7 MEDIUM N/A
Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.
CVE-2013-2888 1 Linux 1 Linux Kernel 2026-06-16 6.2 MEDIUM N/A
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.
CVE-2013-2871 1 Google 1 Chrome 2026-06-16 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.