Vulnerabilities (CVE)

Filtered by CWE-20
Total 11557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0854 1 Ffmpeg 1 Ffmpeg 2026-06-16 9.3 HIGH N/A
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
CVE-2013-0849 1 Ffmpeg 1 Ffmpeg 2026-06-16 9.3 HIGH N/A
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.
CVE-2013-0846 1 Ffmpeg 1 Ffmpeg 2026-06-16 9.3 HIGH N/A
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.
CVE-2013-0841 1 Google 1 Chrome 2026-06-16 7.5 HIGH N/A
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2013-0837 2 Google, Opensuse 2 Chrome, Opensuse 2026-06-16 7.5 HIGH N/A
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
CVE-2013-0830 3 Google, Microsoft, Opensuse 3 Chrome, Windows, Opensuse 2026-06-16 7.5 HIGH N/A
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
CVE-2013-0757 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2026-06-16 9.3 HIGH N/A
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.
CVE-2013-0747 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Seamonkey and 6 more 2026-06-16 6.8 MEDIUM N/A
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
CVE-2013-0740 1 Dell 1 Openmanage Server Administrator 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer.
CVE-2013-0716 1 Windriver 1 Vxworks 2026-06-16 5.0 MEDIUM N/A
The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.
CVE-2013-0715 1 Windriver 1 Vxworks 2026-06-16 4.0 MEDIUM N/A
The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.
CVE-2013-0714 1 Windriver 1 Vxworks 2026-06-16 10.0 HIGH N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.
CVE-2013-0713 1 Windriver 1 Vxworks 2026-06-16 6.8 MEDIUM N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.
CVE-2013-0712 1 Windriver 1 Vxworks 2026-06-16 6.8 MEDIUM N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.
CVE-2013-0711 1 Windriver 1 Vxworks 2026-06-16 7.8 HIGH N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.
CVE-2013-0699 1 Galilmc 1 Rio-47100 Plc 2026-06-16 7.1 HIGH N/A
The Galil RIO-47100 Pocket PLC allows remote attackers to cause a denial of service via a session that includes "repeated requests."
CVE-2013-0686 1 Invensys 1 Wonderware Information Server 2026-06-16 9.3 HIGH N/A
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-0681 2 Cogentdatahub, Microsoft 5 Cascade Datahub, Cogent Datahub, Datahub Quicktrend and 2 more 2026-06-16 5.0 MEDIUM N/A
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command.
CVE-2013-0670 1 Siemens 1 Wincc Tia Portal 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
CVE-2013-0669 1 Siemens 1 Wincc Tia Portal 2026-06-16 4.0 MEDIUM N/A
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.