Export limit exceeded: 337851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2097 | 1 Zpanel Project | 1 Zpanel | 2024-11-21 | 7.8 High |
| ZPanel through 10.1.0 has Remote Command Execution | ||||
| CVE-2013-2095 | 1 Openshift-origin-controller Project | 1 Openshift-origin-controller | 2024-11-21 | 9.8 Critical |
| rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection | ||||
| CVE-2013-2093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 9.8 Critical |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2013-2092 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. | ||||
| CVE-2013-2091 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | ||||
| CVE-2013-2075 | 1 Call-cc | 1 Chicken | 2024-11-21 | 8.8 High |
| Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. | ||||
| CVE-2013-2060 | 1 Redhat | 1 Openshift | 2024-11-21 | 9.8 Critical |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | ||||
| CVE-2013-2057 | 1 Yabb | 1 Yabb | 2024-11-21 | 9.8 Critical |
| YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | ||||
| CVE-2013-2049 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
| Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | ||||
| CVE-2013-2024 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-11-21 | 8.8 High |
| OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | ||||
| CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2024-11-21 | 7.8 High |
| A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | ||||
| CVE-2013-2012 | 2 Autojump Project, Debian | 2 Autojump, Debian Linux | 2024-11-21 | 7.3 High |
| autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | ||||
| CVE-2013-2011 | 1 Automattic | 1 W3 Super Cache | 2024-11-21 | 8.8 High |
| WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. | ||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2024-11-21 | 9.8 Critical |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | ||||
| CVE-2013-2009 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 8.8 High |
| WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | ||||
| CVE-2013-2008 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 6.1 Medium |
| WordPress Super Cache Plugin 1.3 has XSS. | ||||
| CVE-2013-20004 | 1 Starwindsoftware | 1 Iscsi San | 2024-11-21 | 9.8 Critical |
| A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16. | ||||
| CVE-2013-20003 | 1 Silabs | 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more | 2024-11-21 | 8.3 High |
| Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. | ||||
| CVE-2013-20002 | 1 Themify | 1 Framework | 2024-11-21 | 9.8 Critical |
| Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | ||||
| CVE-2013-20001 | 1 Openzfs | 1 Openzfs | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. | ||||