Search

Search Results (363654 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0164 1 Redhat 2 Openshift, Openshift Origin 2025-04-11 N/A
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2013-0166 2 Openssl, Redhat 6 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 3 more 2025-04-11 N/A
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
CVE-2013-0167 1 Redhat 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager 2025-04-11 N/A
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."
CVE-2013-0168 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.
CVE-2013-0169 4 Openssl, Oracle, Polarssl and 1 more 11 Openssl, Openjdk, Polarssl and 8 more 2025-04-11 N/A
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CVE-2013-0170 5 Canonical, Fedoraproject, Opensuse and 2 more 12 Ubuntu Linux, Fedora, Opensuse and 9 more 2025-04-11 N/A
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
CVE-2013-0172 1 Samba 1 Samba 2025-04-11 N/A
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.
CVE-2013-0175 3 Erik Michaels-ober, Grape Project, Ruby-lang 3 Multi Xml, Grape, Ruby 2025-04-11 N/A
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
CVE-2013-0176 1 Libssh 1 Libssh 2025-04-11 N/A
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
CVE-2013-0177 1 Apache 1 Ofbiz 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.
CVE-2013-0179 1 Memcached 1 Memcached 2025-04-11 N/A
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.
CVE-2013-0181 2 Drupal, Thomas Seidl 2 Drupal, Search Api 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
CVE-2013-0182 2 Bart Feenstra, Drupal 2 Payment, Drupal 2025-04-11 N/A
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
CVE-2013-0183 3 Cloudforms Cloudengine, Rack Project, Rhel Sam 3 1, Rack, 1.2 2025-04-11 N/A
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
CVE-2013-0184 3 Cloudforms Cloudengine, Rack Project, Rhel Sam 3 1, Rack, 1.2 2025-04-11 N/A
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
CVE-2013-0189 2 Canonical, Squid-cache 2 Ubuntu Linux, Squid 2025-04-11 N/A
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
CVE-2013-0190 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
CVE-2013-0198 1 Thekelleys 1 Dnsmasq 2025-04-11 N/A
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
CVE-2013-0200 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2025-04-11 N/A
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
CVE-2013-0205 2 Drupal, Restful Web Services Project 2 Drupal, Restful Web Services 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.