Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7295 1 Torproject 1 Tor 2025-04-11 N/A
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
CVE-2013-7296 1 Freedesktop 1 Poppler 2025-04-11 N/A
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.
CVE-2013-7298 1 Tntnet 1 Cxxtools 2025-04-11 N/A
query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters.
CVE-2013-7299 1 Tntnet 1 Tntnet 2025-04-11 N/A
framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.
CVE-2013-7300 1 Craig Drummond 1 Cantata 2025-04-11 N/A
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.
CVE-2013-7301 1 Craig Drummond 1 Cantata 2025-04-11 N/A
Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
CVE-2013-7303 1 Spip 1 Spip 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.
CVE-2013-7304 1 Checkpoint 1 Endpoint Security Mi Server R73 2025-04-11 N/A
Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.
CVE-2013-7305 1 E107 1 E107 2025-04-11 N/A
fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.
CVE-2013-7306 1 Brocade 11 Adx, Bigiron Rx, Fastiron and 8 more 2025-04-11 N/A
The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7308 1 Dlink 2 Des-3810-28, Des-3810-28 Firmware 2025-04-11 N/A
The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7310 1 Yamaha 14 Fwx120, Rt105, Rt107e and 11 more 2025-04-11 N/A
The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7311 1 Checkpoint 2 Gaia Os, Ipso Os 2025-04-11 N/A
The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7309 1 Extremenetworks 1 Exos 2025-04-11 N/A
The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7312 1 Enterasys 9 C5, G3, K10 and 6 more 2025-04-11 N/A
The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7313 1 Juniper 3 Junos, Junose, Screenos 2025-04-11 N/A
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7314 1 Nec 12 Ip38x 1000, Ip38x 105, Ip38x 107e and 9 more 2025-04-11 N/A
The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7315 2 Springsource, Vmware 2 Spring Framework, Spring Framework 2025-04-11 N/A
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2013-7316 1 Gitlab 1 Gitlab 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.
CVE-2013-7317 1 Cs-cart 1 Cs-cart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.