Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35896 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1968 4 Apache, Canonical, Collabnet and 1 more 4 Subversion, Ubuntu Linux, Subversion and 1 more 2026-06-16 5.5 MEDIUM N/A
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVE-2013-1949 2 Blinkwebeffects, Wordpress 2 Social-media-widget, Wordpress 2026-06-16 5.0 MEDIUM N/A
Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files.
CVE-2013-1948 2 Rob Westgeest, Ruby-lang 2 Md2pdf, Ruby 2026-06-16 10.0 HIGH N/A
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-1927 3 Canonical, Opensuse, Redhat 3 Ubuntu Linux, Opensuse, Icedtea-web 2026-06-16 6.8 MEDIUM N/A
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
CVE-2013-1926 3 Canonical, Opensuse, Redhat 3 Ubuntu Linux, Opensuse, Icedtea-web 2026-06-16 5.8 MEDIUM N/A
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
CVE-2013-1896 4 Apache, Canonical, Opensuse and 1 more 10 Http Server, Ubuntu Linux, Opensuse and 7 more 2026-06-16 4.3 MEDIUM N/A
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
CVE-2013-1862 5 Apache, Canonical, Opensuse and 2 more 11 Http Server, Ubuntu Linux, Opensuse and 8 more 2026-06-16 5.1 MEDIUM N/A
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
CVE-2013-1753 1 Python 1 Python 2026-06-16 5.0 MEDIUM 7.5 HIGH
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
CVE-2013-1747 1 Ngircd 1 Ngircd 2026-06-16 5.0 MEDIUM N/A
channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel.
CVE-2013-1744 1 Iris Citations Management Tool Project 1 Iris Citations Management Tool 2026-06-16 7.5 HIGH 9.8 CRITICAL
IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands.
CVE-2013-1739 1 Mozilla 1 Network Security Services 2026-06-16 5.0 MEDIUM N/A
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.
CVE-2013-1708 1 Mozilla 2 Firefox, Seamonkey 2026-06-16 4.3 MEDIUM N/A
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.
CVE-2013-1702 1 Mozilla 2 Firefox, Seamonkey 2026-06-16 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-1701 1 Mozilla 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-06-16 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-1683 1 Mozilla 1 Firefox 2026-06-16 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-1682 1 Mozilla 3 Firefox, Thunderbird, Thunderbird Esr 2026-06-16 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-1669 1 Mozilla 1 Firefox 2026-06-16 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2013-1654 3 Canonical, Puppet, Puppetlabs 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more 2026-06-16 5.0 MEDIUM N/A
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.
CVE-2013-1653 3 Canonical, Puppet, Puppetlabs 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more 2026-06-16 7.1 HIGH N/A
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.
CVE-2013-1640 2 Canonical, Puppet 3 Ubuntu Linux, Puppet, Puppet Enterprise 2026-06-16 9.0 HIGH N/A
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.