Vulnerabilities (CVE)

Filtered by CWE-20
Total 11557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1694 1 Mozilla 3 Firefox, Thunderbird, Thunderbird Esr 2026-06-16 7.5 HIGH N/A
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.
CVE-2013-1689 1 Mozilla 1 Firefox 2026-06-16 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.
CVE-2013-1671 1 Mozilla 1 Firefox 2026-06-16 4.3 MEDIUM N/A
Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.
CVE-2013-1661 1 Vmware 2 Esx, Esxi 2026-06-16 4.3 MEDIUM N/A
VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.
CVE-2013-1656 1 Spreecommerce 1 Spree 2026-06-16 4.3 MEDIUM N/A
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function.
CVE-2013-1655 3 Puppet, Puppetlabs, Ruby-lang 4 Puppet, Puppet Enterprise, Puppet and 1 more 2026-06-16 7.5 HIGH N/A
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
CVE-2013-1648 1 Open-xchange 1 Open-xchange Server 2026-06-16 3.5 LOW N/A
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue.
CVE-2013-1633 1 Python 1 Setuptools 2026-06-16 6.8 MEDIUM N/A
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
CVE-2013-1630 1 Guillaume Gauvrit 1 Pyshop 2026-06-16 6.8 MEDIUM N/A
pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.
CVE-2013-1629 1 Pypa 1 Pip 2026-06-16 6.8 MEDIUM N/A
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.
CVE-2013-1621 1 Polarssl 1 Polarssl 2026-06-16 4.3 MEDIUM N/A
Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.
CVE-2013-1607 1 Pdfkit Project 1 Pdfkit 2026-06-16 7.5 HIGH 9.8 CRITICAL
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
CVE-2013-1585 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1584 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1583 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-1581 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
CVE-2013-1580 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1578 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet.
CVE-2013-1577 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
CVE-2013-1575 1 Wireshark 1 Wireshark 2026-06-16 2.9 LOW N/A
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.