Vulnerabilities (CVE)

Filtered by CWE-20
Total 10666 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5524 1 Gajim 1 Gajim 2014-02-10 4.3 MEDIUM N/A
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
CVE-2013-2038 2 Canonical, Gpsd Project 2 Ubuntu Linux, Gpsd 2014-02-07 4.3 MEDIUM N/A
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
CVE-2013-6032 1 Lexmark 23 25xxn, C52x, C53x and 20 more 2014-02-04 10.0 HIGH N/A
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.
CVE-2013-5385 1 Ibm 2 I, Z\/os 2014-01-28 8.5 HIGH N/A
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-1024 1 Apple 2 Mac Os X, Mac Os X Server 2014-01-28 6.8 MEDIUM N/A
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
CVE-2013-5350 1 Tejimaya 1 Openpne 2014-01-24 7.5 HIGH N/A
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
CVE-2013-7306 1 Brocade 11 Adx, Bigiron Rx, Fastiron and 8 more 2014-01-23 5.4 MEDIUM N/A
The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7113 1 Wireshark 1 Wireshark 2014-01-17 5.0 MEDIUM N/A
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-2629 1 Idleman 1 Leed 2014-01-14 5.0 MEDIUM N/A
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
CVE-2011-1780 1 Xen 1 Xen 2014-01-08 6.1 MEDIUM N/A
The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.
CVE-2013-6170 1 Juniper 1 Junos 2014-01-08 4.3 MEDIUM N/A
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.
CVE-2013-6389 1 Drupal 1 Drupal 2014-01-04 5.8 MEDIUM N/A
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-4402 2 Canonical, Gnupg 2 Ubuntu Linux, Gnupg 2014-01-04 5.0 MEDIUM N/A
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
CVE-2013-6003 1 Cybozu 1 Garoon 2014-01-03 3.5 LOW N/A
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
CVE-2013-4339 1 Wordpress 1 Wordpress 2013-12-31 7.5 HIGH N/A
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
CVE-2013-5220 1 Hot 2 Hotbox Router, Hotbox Router Firmware 2013-12-30 6.1 MEDIUM N/A
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
CVE-2013-4858 1 Microsoft 2 Windows Movie Maker, Windows Xp 2013-12-30 4.3 MEDIUM N/A
Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav.
CVE-2013-2821 1 Novatech 6 Orion5 Dnp Master, Orion5 Dnp Slave, Orion5r Dnp Master and 3 more 2013-12-26 7.1 HIGH N/A
NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet.
CVE-2013-2822 1 Novatech 6 Orion5 Dnp Master, Orion5 Dnp Slave, Orion5r Dnp Master and 3 more 2013-12-26 4.7 MEDIUM N/A
NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line.
CVE-2013-7102 1 Optimizepress 1 Optimizepress 2013-12-24 6.8 MEDIUM N/A
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.