Export limit exceeded: 74838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4225 | 2 Redhat, Restful Web Services Project | 2 Satellite, Restful Web Services | 2024-11-21 | 8.8 High |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | ||||
| CVE-2013-4166 | 2 Gnome, Redhat | 6 Evolution, Evolution Data Server, Enterprise Linux and 3 more | 2024-11-21 | 7.5 High |
| The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | ||||
| CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.8 High |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | ||||
| CVE-2013-4133 | 2 Debian, Kde | 2 Debian Linux, Kde-workspace | 2024-11-21 | 7.5 High |
| kde-workspace before 4.10.5 has a memory leak in plasma desktop | ||||
| CVE-2013-4120 | 1 Theforeman | 1 Katello | 2024-11-21 | 7.5 High |
| Katello has a Denial of Service vulnerability in API OAuth authentication | ||||
| CVE-2013-4105 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 High |
| Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure | ||||
| CVE-2013-4104 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 High |
| Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol | ||||
| CVE-2013-4100 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 High |
| Cryptocat before 2.0.22 has Remote Denial of Service via username | ||||
| CVE-2013-4090 | 1 Varnish Cache Project | 1 Varnish Cache | 2024-11-21 | 7.5 High |
| Varnish HTTP cache before 3.0.4: ACL bug | ||||
| CVE-2013-3946 | 1 Extensis | 1 Mrsid | 2024-11-21 | 7.8 High |
| Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. | ||||
| CVE-2013-3945 | 1 Extensis | 1 Mrsid | 2024-11-21 | 7.8 High |
| The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. | ||||
| CVE-2013-3944 | 1 Extensis | 1 Mrsid | 2024-11-21 | 7.8 High |
| Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. | ||||
| CVE-2013-3942 | 1 Daum | 1 Potplayer | 2024-11-21 | 7.8 High |
| Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability | ||||
| CVE-2013-3939 | 1 Xnview | 1 Xnview | 2024-11-21 | 7.8 High |
| xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | ||||
| CVE-2013-3937 | 1 Xnview | 1 Xnview | 2024-11-21 | 7.8 High |
| Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. | ||||
| CVE-2013-3935 | 1 Opsview | 2 Opsview, Opsview Core | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors. | ||||
| CVE-2013-3932 | 1 Jomres | 1 Jomres | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. | ||||
| CVE-2013-3722 | 1 Opensips | 1 Opensips | 2024-11-21 | 7.5 High |
| A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c. | ||||
| CVE-2013-3691 | 1 Ovislink | 2 Airlive Poe2600hd, Airlive Poe2600hd Firmware | 2024-11-21 | 7.5 High |
| AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL. | ||||
| CVE-2013-3685 | 2 Lg, Spritesoftware | 45 E971, E973, E975 and 42 more | 2024-11-21 | 7.0 High |
| A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. | ||||