Vulnerabilities (CVE)

Filtered by CWE-20
Total 11566 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2155 1 Apache 1 Xml Security For C\+\+ 2026-06-16 5.8 MEDIUM N/A
Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.
CVE-2013-2146 1 Linux 1 Linux Kernel 2026-06-16 4.7 MEDIUM N/A
arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.
CVE-2013-2145 3 Canonical, Opensuse, Perlmonks 3 Ubuntu Linux, Opensuse, Module\ 2026-06-16 4.4 MEDIUM N/A
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
CVE-2013-2143 2 Redhat, Theforeman 2 Network Satellite, Katello 2026-06-16 6.5 MEDIUM N/A
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
CVE-2013-2140 1 Linux 1 Linux Kernel 2026-06-16 3.8 LOW N/A
The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.
CVE-2013-2138 1 Menalto 1 Gallery 2026-06-16 7.5 HIGH N/A
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
CVE-2013-2116 1 Gnu 1 Gnutls 2026-06-16 5.0 MEDIUM N/A
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
CVE-2013-2111 1 Dovecot 1 Dovecot 2026-06-16 5.0 MEDIUM N/A
The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.
CVE-2013-2103 1 Redhat 1 Openshift 2026-06-16 5.5 MEDIUM 8.1 HIGH
OpenShift cartridge allows remote URL retrieval
CVE-2013-2093 1 Dolibarr 1 Dolibarr Erp\/crm 2026-06-16 10.0 HIGH 9.8 CRITICAL
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
CVE-2013-2088 3 Apache, Collabnet, Opensuse 3 Subversion, Subversion, Opensuse 2026-06-16 7.1 HIGH N/A
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-2083 1 Moodle 1 Moodle 2026-06-16 5.0 MEDIUM N/A
The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request.
CVE-2013-2078 1 Xen 1 Xen 2026-06-16 4.7 MEDIUM N/A
Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.
CVE-2013-2073 1 Transifex 1 Transifex 2026-06-16 4.3 MEDIUM N/A
Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
CVE-2013-2044 1 Owncloud 2 Owncloud, Owncloud Server 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
CVE-2013-2038 2 Canonical, Gpsd Project 2 Ubuntu Linux, Gpsd 2026-06-16 4.3 MEDIUM N/A
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
CVE-2013-2037 2 Canonical, Httplib2 Project 2 Ubuntu Linux, Httplib2 2026-06-16 2.6 LOW N/A
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-2014 2 Fedoraproject, Openstack 2 Fedora, Keystone 2026-06-16 5.0 MEDIUM N/A
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
CVE-2013-1985 1 X 1 Libxinerama 2026-06-16 6.8 MEDIUM N/A
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
CVE-2013-1952 1 Xen 1 Xen 2026-06-16 1.9 LOW N/A
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.