Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363262 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4416 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. | ||||
| CVE-2013-4419 | 4 Libguestfs, Novell, Redhat and 1 more | 4 Libguestfs, Suse Linux Enterprise Server, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. | ||||
| CVE-2013-4420 | 1 Feep | 1 Libtar | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file. | ||||
| CVE-2013-4421 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-04-11 | N/A |
| The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed. | ||||
| CVE-2013-4958 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. | ||||
| CVE-2013-4424 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4425 | 1 Osirix-viewer | 2 Osirix, Osirix Md | 2025-04-11 | N/A |
| The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key. | ||||
| CVE-2013-4428 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Glance, Openstack | 2025-04-11 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. | ||||
| CVE-2013-4434 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-04-11 | N/A |
| Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames. | ||||
| CVE-2013-4435 | 1 Saltstack | 1 Salt | 2025-04-11 | N/A |
| Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine. | ||||
| CVE-2013-4436 | 1 Saltstack | 1 Salt | 2025-04-11 | N/A |
| The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack. | ||||
| CVE-2013-4437 | 1 Saltstack | 1 Salt | 2025-04-11 | N/A |
| Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp." | ||||
| CVE-2013-4438 | 1 Saltstack | 1 Salt | 2025-04-11 | N/A |
| Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe. | ||||
| CVE-2013-4439 | 1 Saltstack | 1 Salt | 2025-04-11 | N/A |
| Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | ||||
| CVE-2013-4445 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2025-04-11 | N/A |
| The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access. | ||||
| CVE-2013-4446 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2025-04-11 | N/A |
| The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection. | ||||
| CVE-2013-4447 | 1 Md-systems | 1 Simplenews | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address. | ||||
| CVE-2013-4449 | 3 Debian, Openldap, Redhat | 3 Debian Linux, Openldap, Enterprise Linux | 2025-04-11 | N/A |
| The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. | ||||
| CVE-2013-4450 | 2 Nodejs, Redhat | 2 Nodejs, Rhel Software Collections | 2025-04-11 | N/A |
| The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. | ||||
| CVE-2013-4452 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | N/A |
| Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files. | ||||