Vulnerabilities (CVE)

Filtered by CWE-20
Total 11549 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0740 1 Dell 1 Openmanage Server Administrator 2026-06-16 5.8 MEDIUM N/A
Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer.
CVE-2013-0716 1 Windriver 1 Vxworks 2026-06-16 5.0 MEDIUM N/A
The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI.
CVE-2013-0715 1 Windriver 1 Vxworks 2026-06-16 4.0 MEDIUM N/A
The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string.
CVE-2013-0714 1 Windriver 1 Vxworks 2026-06-16 10.0 HIGH N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.
CVE-2013-0713 1 Windriver 1 Vxworks 2026-06-16 6.8 MEDIUM N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request.
CVE-2013-0712 1 Windriver 1 Vxworks 2026-06-16 6.8 MEDIUM N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet.
CVE-2013-0711 1 Windriver 1 Vxworks 2026-06-16 7.8 HIGH N/A
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request.
CVE-2013-0699 1 Galilmc 1 Rio-47100 Plc 2026-06-16 7.1 HIGH N/A
The Galil RIO-47100 Pocket PLC allows remote attackers to cause a denial of service via a session that includes "repeated requests."
CVE-2013-0686 1 Invensys 1 Wonderware Information Server 2026-06-16 9.3 HIGH N/A
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-0681 2 Cogentdatahub, Microsoft 5 Cascade Datahub, Cogent Datahub, Datahub Quicktrend and 2 more 2026-06-16 5.0 MEDIUM N/A
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command.
CVE-2013-0670 1 Siemens 1 Wincc Tia Portal 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
CVE-2013-0669 1 Siemens 1 Wincc Tia Portal 2026-06-16 4.0 MEDIUM N/A
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.
CVE-2013-0655 1 Schneider-electric 1 Software Update Utility 2026-06-16 9.3 HIGH N/A
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.
CVE-2013-0654 1 Ge 3 Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems, Intelligent Platforms Proficy Process Systems With Cimplicity 2026-06-16 9.3 HIGH N/A
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.
CVE-2013-0551 1 Ibm 2 Application Manager For Smart Business, Tivoli Monitoring 2026-06-16 5.0 MEDIUM N/A
The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (abend) via a crafted URL.
CVE-2013-0526 1 Ibm 3 Avocent 1754 Kvm, Global Console Manager 16 Firmware, Global Console Manager 32 Firmware 2026-06-16 8.5 HIGH N/A
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
CVE-2013-0520 1 Ibm 1 Sterling Secure Proxy 2026-06-16 4.0 MEDIUM N/A
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data.
CVE-2013-0518 1 Ibm 1 Sterling Secure Proxy 2026-06-16 4.3 MEDIUM N/A
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CVE-2013-0505 1 Ibm 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation 2026-06-16 5.5 MEDIUM N/A
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
CVE-2013-0500 1 Ibm 2 Storwize V7000 Unified, Storwize V7000 Unified Software 2026-06-16 5.4 MEDIUM N/A
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.