Export limit exceeded: 364535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7404 1 Gehealthcare 1 Discovery Nm 750b 2025-04-12 N/A
GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2013-7405 1 Gehealthcare 1 Centricity Dms 2025-04-12 N/A
The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
CVE-2013-7406 1 Mrbs Project 1 Mrbs 2025-04-12 N/A
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7407 1 Drupal 1 Mrbs Module 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2013-7408 1 F5 1 Big-ip Analytics 2025-04-12 N/A
F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.
CVE-2013-7409 1 Allplayer 1 Allplayer 2025-04-12 N/A
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
CVE-2013-7416 1 Canto 1 Canto Curses 2025-04-12 N/A
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
CVE-2013-7417 1 Ipcop 1 Ipcop 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer.
CVE-2013-7420 1 Hancom 1 Hancom Office 2010 Se 2025-04-12 N/A
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.
CVE-2013-7421 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-12 N/A
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
CVE-2013-7422 2 Apple, Perl 2 Mac Os X, Perl 2025-04-12 N/A
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
CVE-2013-7423 4 Canonical, Gnu, Opensuse and 1 more 7 Ubuntu Linux, Glibc, Opensuse and 4 more 2025-04-12 N/A
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVE-2013-7424 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2025-04-12 N/A
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
CVE-2013-7436 2 Kanaka, Redhat 2 Novnc, Openstack 2025-04-12 N/A
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2013-7437 1 Icoasoft 1 Potrace 2025-04-12 N/A
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.
CVE-2013-7438 1 Pbm212030 Project 1 Pbm212030 2025-04-12 N/A
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based buffer."
CVE-2013-7439 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 N/A
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
CVE-2013-7440 2 Python, Redhat 4 Python, Rhel Software Collections, Satellite and 1 more 2025-04-12 N/A
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2013-7442 1 Gehealthcare 1 Centricity Pacs Workstation 2025-04-12 N/A
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
CVE-2013-7443 2 Canonical, Sqlite 2 Ubuntu Linux, Sqlite 2025-04-12 N/A
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.