Input Validation に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2013 年に公開され、Input Validation に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2013-3667 | The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates. | 6.4 | 0.36% | 2013-12-31 | 2026-04-29 |
| CVE-2013-5220 | goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. | 6.1 | 0.66% | 2013-12-30 | 2026-04-29 |
| CVE-2013-4858 | Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | 4.3 | 23.41% | 2013-12-30 | 2026-04-29 |
| CVE-2013-6981 | Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | 5.4 | 2.76% | 2013-12-28 | 2026-04-29 |
| CVE-2013-7102 | Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013. | 6.8 | 63.32% | 2013-12-23 | 2026-04-29 |
| CVE-2013-7079 | Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 | 0.29% | 2013-12-23 | 2026-04-29 |
| CVE-2013-6422 | The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | 4.0 | 0.34% | 2013-12-23 | 2026-04-29 |
| CVE-2013-4549 | QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. | 5.0 | 5.22% | 2013-12-23 | 2026-04-29 |
| CVE-2013-2629 | Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php. | 5.0 | 0.40% | 2013-12-23 | 2026-04-29 |
| CVE-2013-3705 | The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | 4.9 | 0.03% | 2013-12-22 | 2026-04-29 |
| CVE-2013-5411 | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. | 4.3 | 0.25% | 2013-12-21 | 2026-04-29 |
| CVE-2013-5407 | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. | 4.9 | 0.15% | 2013-12-21 | 2026-04-29 |
| CVE-2013-4046 | Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 | 0.23% | 2013-12-21 | 2026-04-29 |
| CVE-2013-2822 | NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line. | 4.7 | 0.08% | 2013-12-21 | 2026-04-29 |
| CVE-2013-2821 | NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet. | 7.1 | 0.47% | 2013-12-21 | 2026-04-29 |
| CVE-2013-7113 | epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 | 0.97% | 2013-12-19 | 2026-04-29 |
| CVE-2013-7112 | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 5.0 | 1.07% | 2013-12-19 | 2026-04-29 |
| CVE-2013-5462 | IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. | 4.3 | 0.25% | 2013-12-19 | 2026-04-29 |
| CVE-2013-6701 | The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155. | 5.0 | 0.69% | 2013-12-18 | 2026-04-29 |
| CVE-2013-2816 | The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line. | 4.7 | 0.08% | 2013-12-17 | 2026-04-29 |