Export limit exceeded: 363165 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363165 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4542 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. | ||||
| CVE-2013-4544 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2025-04-12 | N/A |
| hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-4546 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2025-04-12 | N/A |
| The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. | ||||
| CVE-2013-4552 | 1 Drupalauth Project | 1 Drupalauth | 2025-04-12 | N/A |
| lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie. | ||||
| CVE-2013-4562 | 1 Madeofcode | 1 Omniauth-facebook | 2025-04-12 | N/A |
| The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter. | ||||
| CVE-2013-4565 | 1 Debian | 1 Ppthtml | 2025-04-12 | N/A |
| Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file. | ||||
| CVE-2013-4570 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function. | ||||
| CVE-2013-4571 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. | ||||
| CVE-2013-4574 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos. | ||||
| CVE-2013-4577 | 1 Gnu | 1 Grub | 2025-04-12 | N/A |
| A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. | ||||
| CVE-2013-4580 | 1 Gitlab | 1 Gitlab | 2025-04-12 | N/A |
| GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. | ||||
| CVE-2013-4594 | 1 Payment For Webform Project | 1 Payment For Webform | 2025-04-12 | N/A |
| The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. | ||||
| CVE-2013-4595 | 1 Gordon Heydon | 1 Secure Pages | 2025-04-12 | N/A |
| The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. | ||||
| CVE-2013-4596 | 1 Danielkorte | 1 Nodeaccesskeys | 2025-04-12 | N/A |
| The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | ||||
| CVE-2013-4597 | 1 Rik De Boer | 1 Revisioning | 2025-04-12 | N/A |
| The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4598 | 1 Groups Communities And Co Project | 1 Gcc | 2025-04-12 | N/A |
| The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. | ||||
| CVE-2013-4599 | 1 Misery Project | 1 Misery | 2025-04-12 | N/A |
| The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests. | ||||
| CVE-2013-4663 | 1 Redmine | 1 Redmine Git Hosting Plugin | 2025-04-12 | N/A |
| git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | ||||
| CVE-2013-4694 | 1 Nullsoft | 1 Winamp | 2025-04-12 | N/A |
| Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. | ||||
| CVE-2013-4710 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. | ||||