Vulnerabilities (CVE)

Filtered by CWE-20
Total 11538 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0252 1 Boost 1 Boost 2026-06-16 5.0 MEDIUM N/A
boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.
CVE-2013-0243 1 Haskell 1 Hs-tls 2026-06-16 5.8 MEDIUM 7.4 HIGH
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
CVE-2013-0238 1 Ircd-hybrid 1 Ircd-hybrid 2026-06-16 5.0 MEDIUM N/A
The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed.
CVE-2013-0221 2 Opensuse, Redhat 2 Opensuse, Enterprise Linux 2026-06-16 4.3 MEDIUM N/A
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
CVE-2013-0216 1 Linux 1 Linux Kernel 2026-06-16 5.2 MEDIUM N/A
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.
CVE-2013-0213 1 Samba 1 Samba 2026-06-16 5.1 MEDIUM N/A
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
CVE-2013-0198 1 Thekelleys 1 Dnsmasq 2026-06-16 5.0 MEDIUM N/A
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
CVE-2013-0190 1 Linux 1 Linux Kernel 2026-06-16 4.9 MEDIUM N/A
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
CVE-2013-0180 1 Redislabs 1 Redis 2026-06-16 3.6 LOW 5.5 MEDIUM
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
CVE-2013-0178 1 Redislabs 1 Redis 2026-06-16 3.6 LOW 5.5 MEDIUM
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
CVE-2013-0175 3 Erik Michaels-ober, Grape Project, Ruby-lang 3 Multi Xml, Grape, Ruby 2026-06-16 7.5 HIGH N/A
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
CVE-2013-0165 1 Redhat 1 Openshift 2026-06-16 7.5 HIGH 7.3 HIGH
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
CVE-2013-0156 2 Debian, Rubyonrails 3 Debian Linux, Rails, Ruby On Rails 2026-06-16 7.5 HIGH N/A
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
CVE-2013-0122 1 Avast 1 Avast\! Mobile Security 2026-06-16 1.9 LOW N/A
The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.
CVE-2013-0120 1 Dell 1 Powerconnect 6248p 2026-06-16 7.8 HIGH N/A
The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.
CVE-2013-0081 1 Microsoft 4 Sharepoint Foundation, Sharepoint Portal Server, Sharepoint Server and 1 more 2026-06-16 5.0 MEDIUM N/A
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."
CVE-2013-0078 1 Microsoft 3 Windows 8, Windows Defender, Windows Rt 2026-06-16 7.2 HIGH N/A
The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
CVE-2013-0005 1 Microsoft 9 .net Framework, Management Odata Iis Extension, Windows 7 and 6 more 2026-06-16 7.8 HIGH N/A
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
CVE-2013-0004 1 Microsoft 9 .net Framework, Windows 7, Windows 8 and 6 more 2026-06-16 9.3 HIGH N/A
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
CVE-2012-6696 1 Inspircd 1 Inspircd 2026-06-16 7.5 HIGH 9.8 CRITICAL
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.