Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2115 1 Apache 1 Struts 2025-04-11 8.1 High
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
CVE-2013-2116 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-11 N/A
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
CVE-2013-2117 2 Jason A Donenfeld, Lars Hjemli 2 Cgit, Cgit 2025-04-11 N/A
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
CVE-2013-2118 1 Spip 1 Spip 2025-04-11 N/A
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
CVE-2013-2119 3 Phusion, Redhat, Ruby-lang 3 Passenger, Openshift, Ruby 2025-04-11 N/A
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
CVE-2013-2121 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
CVE-2013-2122 2 Drupal, Quade 2 Drupal, Edit Limit 2025-04-11 N/A
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.
CVE-2013-2123 2 Drupal, Node Access User Reference Project 2 Drupal, Nodeaccess Userreference Module 2025-04-11 N/A
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.
CVE-2013-2126 3 Canonical, Libraw, Opensuse 3 Ubuntu Linux, Libraw, Opensuse 2025-04-11 N/A
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
CVE-2013-2127 1 Libraw 1 Libraw 2025-04-11 N/A
Buffer overflow in the exposure correction code in LibRaw before 0.15.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2013-2128 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Openstack 2025-04-11 5.5 Medium
The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket.
CVE-2013-2129 2 Drupal, Nathan Haug 2 Drupal, Webform 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.
CVE-2013-2132 4 Canonical, Mongodb, Opensuse and 1 more 4 Ubuntu Linux, Mongodb, Opensuse and 1 more 2025-04-11 N/A
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
CVE-2013-2133 1 Redhat 5 Enterprise Linux, Jboss Bpms, Jboss Brms and 2 more 2025-04-11 N/A
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
CVE-2013-2134 1 Apache 1 Struts 2025-04-11 N/A
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
CVE-2013-2576 1 B-e-soft 1 Artweaver 2025-04-11 N/A
Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file.
CVE-2013-2135 1 Apache 1 Struts 2025-04-11 N/A
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
CVE-2013-2136 1 Apache 1 Cloudstack 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
CVE-2013-2137 1 Apache 1 Ofbiz 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2138 1 Menalto 1 Gallery 2025-04-11 N/A
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.