Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-20
Total 9170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5534 1 Flashtux 1 Weechat 2014-02-06 7.5 HIGH N/A
The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
CVE-2013-6032 1 Lexmark 23 25xxn, C52x, C53x and 20 more 2014-02-04 10.0 HIGH N/A
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.
CVE-2013-5385 1 Ibm 2 I, Z\/os 2014-01-27 8.5 HIGH N/A
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-0854 1 Ffmpeg 1 Ffmpeg 2014-01-27 9.3 HIGH N/A
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
CVE-2013-0857 1 Ffmpeg 1 Ffmpeg 2014-01-27 9.3 HIGH N/A
The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.
CVE-2013-1024 1 Apple 2 Mac Os X, Mac Os X Server 2014-01-27 6.8 MEDIUM N/A
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
CVE-2012-2825 1 Google 1 Chrome 2014-01-27 5.0 MEDIUM N/A
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
CVE-2013-5350 1 Tejimaya 1 Openpne 2014-01-24 7.5 HIGH N/A
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.
CVE-2013-7306 1 Brocade 11 Adx, Bigiron Rx, Fastiron and 8 more 2014-01-23 5.4 MEDIUM N/A
The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
CVE-2013-7113 1 Wireshark 1 Wireshark 2014-01-16 5.0 MEDIUM N/A
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-2629 1 Idleman 1 Leed 2014-01-13 5.0 MEDIUM N/A
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
CVE-2011-1780 1 Xen 1 Xen 2014-01-08 6.1 MEDIUM N/A
The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.
CVE-2013-6170 1 Juniper 1 Junos 2014-01-07 4.3 MEDIUM N/A
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.
CVE-2013-6389 1 Drupal 1 Drupal 2014-01-03 5.8 MEDIUM N/A
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-4402 2 Canonical, Gnupg 2 Ubuntu Linux, Gnupg 2014-01-03 5.0 MEDIUM N/A
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
CVE-2013-2888 1 Linux 1 Linux Kernel 2014-01-03 6.2 MEDIUM N/A
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.
CVE-2013-6003 1 Cybozu 1 Garoon 2014-01-03 3.5 LOW N/A
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
CVE-2013-5221 1 Esri 1 Arcgis 2013-12-30 3.5 LOW N/A
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
CVE-2013-4339 1 Wordpress 1 Wordpress 2013-12-30 7.5 HIGH N/A
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
CVE-2013-5220 1 Hot 2 Hotbox Router, Hotbox Router Firmware 2013-12-30 6.1 MEDIUM N/A
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.