Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35865 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0277 1 Rubyonrails 2 Rails, Ruby On Rails 2026-06-16 10.0 HIGH N/A
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
CVE-2013-0274 1 Pidgin 1 Pidgin 2026-06-16 2.9 LOW N/A
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
CVE-2013-0273 1 Pidgin 1 Pidgin 2026-06-16 5.0 MEDIUM N/A
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-0271 1 Pidgin 1 Pidgin 2026-06-16 5.0 MEDIUM N/A
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
CVE-2013-0263 1 Rack Project 1 Rack 2026-06-16 5.1 MEDIUM N/A
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
CVE-2013-0260 2 Drupal, Elliot Pahl 2 Drupal, Drush Debian Packaging 2026-06-16 2.1 LOW N/A
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
CVE-2013-0232 1 Zoneminder 1 Zoneminder 2026-06-16 7.5 HIGH N/A
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.
CVE-2013-0229 1 Miniupnp Project 1 Miniupnpd 2026-06-16 7.8 HIGH N/A
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
CVE-2013-0184 1 Rack Project 1 Rack 2026-06-16 4.3 MEDIUM N/A
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
CVE-2013-0158 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2026-06-16 2.6 LOW N/A
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0154 1 Xen 1 Xen 2026-06-16 1.9 LOW N/A
The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.
CVE-2013-0153 1 Xen 1 Xen 2026-06-16 4.7 MEDIUM N/A
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
CVE-2013-0149 1 Cisco 7 Asa 5500, Fwsm, Ios and 4 more 2026-06-16 5.8 MEDIUM N/A
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
CVE-2013-0139 1 Arecont 1 Vision Av1355dn Megadome Camera 2026-06-16 7.8 HIGH N/A
The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69.
CVE-2013-0079 1 Microsoft 3 Office Filter Pack, Visio, Visio Viewer 2026-06-16 9.3 HIGH N/A
Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
CVE-2013-0074 1 Microsoft 1 Silverlight 2026-06-16 9.3 HIGH 7.8 HIGH
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
CVE-2012-6653 1 All Video Gallery Plugin Project 1 All Video Gallery Plugin 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.
CVE-2012-6646 1 F-secure 3 Anti-virus, Psb Workstation Security, Safe Anywhere 2026-06-16 2.1 LOW N/A
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.
CVE-2012-6613 1 Dlink 2 Dsr-250n, Dsr-250n Firmware 2026-06-16 9.0 HIGH 7.2 HIGH
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.
CVE-2012-6612 1 Apache 1 Solr 2026-06-16 7.5 HIGH N/A
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.