Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2279 | 3 Siteminder Agent For Sharepoint, Siteminder Federation, Siteminder For Secure Proxy Server | 8 2010, 12.0, 12.1 and 5 more | 2023-11-07 | 7.5 HIGH | N/A |
| CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges. | |||||
| CVE-2013-2155 | 1 Apache | 1 Xml Security For C\+\+ | 2023-11-07 | 5.8 MEDIUM | N/A |
| Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions. | |||||
| CVE-2013-2116 | 1 Gnu | 1 Gnutls | 2023-11-07 | 5.0 MEDIUM | N/A |
| The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. | |||||
| CVE-2013-1939 | 3 Fruux, Microsoft, Owncloud | 3 Sabredav, Windows, Owncloud | 2023-11-07 | 5.0 MEDIUM | N/A |
| The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character. | |||||
| CVE-2013-1889 | 1 Mod Ruid2 Project | 1 Mod Ruid2 | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. | |||||
| CVE-2013-1441 | 1 Exactcode | 1 Exactimage | 2023-11-07 | 4.3 MEDIUM | N/A |
| econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file. | |||||
| CVE-2013-0926 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | N/A |
| Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | |||||
| CVE-2013-0873 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 10.0 HIGH | N/A |
| The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses." | |||||
| CVE-2013-0867 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 9.3 HIGH | N/A |
| The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access. | |||||
| CVE-2013-0860 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 4.3 MEDIUM | N/A |
| The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. | |||||
| CVE-2013-0857 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 9.3 HIGH | N/A |
| The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data. | |||||
| CVE-2013-0856 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 9.3 HIGH | N/A |
| The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. | |||||
| CVE-2013-0854 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 9.3 HIGH | N/A |
| The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. | |||||
| CVE-2013-0849 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 9.3 HIGH | N/A |
| The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. | |||||
| CVE-2013-0846 | 1 Ffmpeg | 1 Ffmpeg | 2023-11-07 | 9.3 HIGH | N/A |
| Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access. | |||||
| CVE-2013-0841 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-0837 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2023-11-07 | 7.5 HIGH | N/A |
| Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | |||||
| CVE-2013-0830 | 3 Google, Microsoft, Opensuse | 3 Chrome, Windows, Opensuse | 2023-11-07 | 7.5 HIGH | N/A |
| The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors. | |||||
| CVE-2013-0267 | 1 Apache | 1 Vcl | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. | |||||
| CVE-2013-0198 | 1 Thekelleys | 1 Dnsmasq | 2023-11-07 | 5.0 MEDIUM | N/A |
| Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. | |||||