Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-4407 | 6.8 |
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct a
|
01-05-2024 - 18:15 | 23-11-2013 - 18:55 | |
CVE-2013-4547 | 7.5 |
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
|
10-11-2021 - 15:59 | 23-11-2013 - 18:55 | |
CVE-2013-6045 | 7.5 |
Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors.
|
09-09-2020 - 19:56 | 12-12-2013 - 18:55 | |
CVE-2013-6054 | 7.5 |
Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045.
|
09-09-2020 - 19:56 | 12-12-2013 - 18:55 | |
CVE-2013-6052 | 5.0 |
OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.
|
09-09-2020 - 19:56 | 12-12-2013 - 18:55 | |
CVE-2013-1447 | 5.0 |
OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of service (memory consumption or crash) via unspecified vectors related to NULL pointer dereferences, division-by-zero, and other errors.
|
09-09-2020 - 19:56 | 12-12-2013 - 18:55 | |
CVE-2003-0196 | 10.0 |
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
|
30-10-2018 - 16:26 | 05-05-2003 - 04:00 | |
CVE-2003-0201 | 10.0 |
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
|
30-10-2018 - 16:26 | 05-05-2003 - 04:00 | |
CVE-2013-5605 | 7.5 |
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
|
09-10-2018 - 19:34 | 18-11-2013 - 05:23 | |
CVE-2013-4073 | 6.8 |
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name fie
|
13-08-2018 - 21:47 | 18-08-2013 - 02:52 | |
CVE-2013-4164 | 6.8 |
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute
|
09-01-2018 - 02:29 | 23-11-2013 - 19:55 | |
CVE-2013-2236 | 2.6 |
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (cr
|
05-01-2018 - 02:29 | 24-10-2013 - 03:48 | |
CVE-2013-4479 | 6.8 |
lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
|
22-12-2016 - 02:59 | 07-12-2013 - 20:55 | |
CVE-2013-1821 | 5.0 |
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. Per: http://www.r
|
08-12-2016 - 03:03 | 09-04-2013 - 21:55 | |
CVE-2013-6410 | 7.5 |
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.
|
28-11-2016 - 19:09 | 07-12-2013 - 20:55 | |
CVE-2013-6385 | 5.1 |
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such
|
14-01-2014 - 04:28 | 07-12-2013 - 21:55 | |
CVE-2013-6386 | 6.8 |
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
|
14-01-2014 - 04:28 | 07-12-2013 - 21:55 | |
CVE-2013-6387 | 2.1 |
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
|
04-01-2014 - 04:50 | 24-12-2013 - 20:55 | |
CVE-2013-6388 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
|
04-01-2014 - 04:50 | 24-12-2013 - 20:55 | |
CVE-2013-6389 | 5.8 |
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
04-01-2014 - 04:50 | 07-12-2013 - 21:55 | |
CVE-2013-6051 | 4.3 |
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.
|
16-12-2013 - 20:41 | 14-12-2013 - 17:21 | |
CVE-2013-6050 | 4.3 |
Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.
|
09-12-2013 - 20:02 | 07-12-2013 - 20:55 | |
CVE-2013-4478 | 6.8 |
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
|
09-12-2013 - 17:54 | 07-12-2013 - 20:55 |