Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-20
Total 9170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1633 1 Python 1 Setuptools 2013-10-11 6.8 MEDIUM N/A
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
CVE-2012-4222 1 Google 1 Android 2013-10-11 4.3 MEDIUM N/A
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call.
CVE-2013-5152 1 Apple 1 Iphone Os 2013-10-11 4.3 MEDIUM N/A
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
CVE-2013-3955 1 Apple 4 Ipad, Ipad2, Ipad Mini and 1 more 2013-10-10 6.2 MEDIUM N/A
The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.
CVE-2011-1398 1 Php 1 Php 2013-10-10 4.3 MEDIUM N/A
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
CVE-2013-2138 1 Menalto 1 Gallery 2013-10-10 7.5 HIGH N/A
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
CVE-2012-3489 1 Postgresql 1 Postgresql 2013-10-10 4.0 MEDIUM N/A
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
CVE-2013-1839 1 Squid-cache 1 Squid 2013-10-10 7.8 HIGH N/A
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
CVE-2013-5716 1 Gomlab 1 Gom Player 2013-10-08 4.3 MEDIUM N/A
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
CVE-2013-5481 1 Cisco 1 Ios 2013-10-07 7.1 HIGH N/A
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
CVE-2013-5476 1 Cisco 1 Ios 2013-10-07 7.8 HIGH N/A
The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.
CVE-2013-5480 1 Cisco 1 Ios 2013-10-07 7.8 HIGH N/A
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.
CVE-2013-5479 1 Cisco 1 Ios 2013-10-07 7.8 HIGH N/A
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.
CVE-2013-5478 1 Cisco 2 Ios, Ios Xe 2013-10-07 7.8 HIGH N/A
Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.
CVE-2013-5477 1 Cisco 1 Ios 2013-10-07 7.8 HIGH N/A
The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.
CVE-2013-5475 1 Cisco 2 Ios, Ios Xe 2013-10-07 7.8 HIGH N/A
Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.
CVE-2013-1630 1 Guillaume Gauvrit 1 Pyshop 2013-10-07 6.8 MEDIUM N/A
pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.
CVE-2013-6011 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware 2013-10-07 7.8 HIGH N/A
Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.
CVE-2013-3675 1 Ffmpeg 1 Ffmpeg 2013-10-04 4.3 MEDIUM N/A
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.
CVE-2012-4110 1 Cisco 1 Unified Computing System 2013-10-03 6.8 MEDIUM N/A
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560.