Total: 3872 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-2161 | 3 Openstack, Opensuse, Redhat | 5 Folsom, Grizzly, Havana and 2 more | 2024-08-06 | N/A |
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. | ||||
CVE-2013-2135 | 1 Apache | 1 Struts | 2024-08-06 | N/A |
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. | ||||
CVE-2013-2121 | 2 Redhat, Theforeman | 4 Openstack, Satellite, Satellite Capsule and 1 more | 2024-08-06 | N/A |
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | ||||
CVE-2013-1965 | 1 Apache | 2 Struts, Struts2-showcase | 2024-08-06 | N/A |
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. | ||||
CVE-2013-2035 | 1 Redhat | 12 Fuse Mq Enterprise, Hawtjni, Jboss Amq and 9 more | 2024-08-06 | N/A |
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | ||||
CVE-2013-1966 | 1 Apache | 1 Struts | 2024-08-06 | N/A |
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. | ||||
CVE-2013-1899 | 3 Canonical, Postgresql, Redhat | 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine | 2024-08-06 | N/A |
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). | ||||
CVE-2013-1850 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file. | ||||
CVE-2013-1777 | 2 Apache, Ibm | 2 Geronimo, Websphere Application Server | 2024-08-06 | N/A |
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. | ||||
CVE-2013-1638 | 1 Opera | 1 Opera Browser | 2024-08-06 | N/A |
Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. | ||||
CVE-2013-1756 | 2 Mark Evans, Ruby On Rails | 2 Dragonfly Gem, Ruby On Rails | 2024-08-06 | N/A |
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. | ||||
CVE-2013-1762 | 2 Redhat, Stunnel | 2 Enterprise Linux, Stunnel | 2024-08-06 | N/A |
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. | ||||
CVE-2013-1666 | 1 Foswiki | 1 Foswiki | 2024-08-06 | 9.8 Critical |
Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | ||||
CVE-2013-1688 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site. | ||||
CVE-2013-1637 | 1 Opera | 1 Opera Browser | 2024-08-06 | N/A |
Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. | ||||
CVE-2013-1491 | 2 Oracle, Redhat | 4 Jdk, Jre, Network Satellite and 1 more | 2024-08-06 | N/A |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013. | ||||
CVE-2013-1488 | 2 Oracle, Redhat | 4 Jdk, Jre, Enterprise Linux and 1 more | 2024-08-06 | N/A |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013. | ||||
CVE-2013-1436 | 1 Xmonad | 1 Xmonad-contrab | 2024-08-06 | N/A |
The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag. | ||||
CVE-2013-1435 | 1 Cacti | 1 Cacti | 2024-08-06 | N/A |
(1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
CVE-2013-1349 | 1 Os4ed | 1 Opensis | 2024-08-06 | N/A |
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter. |