Total
82344 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | |||||
| CVE-2014-0021 | 3 Chrony Project, Debian, Fedoraproject | 3 Chrony, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol | |||||
| CVE-2013-7488 | 1 Convert\ | 1 \ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. | |||||
| CVE-2013-7484 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | |||||
| CVE-2013-7476 | 1 Simple Fields Project | 1 Simple Fields | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. | |||||
| CVE-2013-7473 | 1 Windu | 1 Windu Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. | |||||
| CVE-2013-7469 | 1 Seafile | 1 Seafile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | |||||
| CVE-2013-7468 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. | |||||
| CVE-2013-7466 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | |||||
| CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | |||||
| CVE-2013-7333 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. | |||||
| CVE-2013-7325 | 1 Debian | 2 Debian Linux, Devscripts | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball. | |||||
| CVE-2013-7286 | 1 Att | 2 Mobileiron Sentry, Mobileiron Virtual Smartphone Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm | |||||
| CVE-2013-7245 | 1 Sybase | 1 Adaptive Server Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. | |||||
| CVE-2013-7202 | 1 Paypal | 1 Paypal | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | |||||
| CVE-2013-7201 | 1 Paypal | 1 Paypal | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |||||
| CVE-2013-7185 | 1 Daum | 1 Potplayer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| PotPlayer 1.5.40688: .avi File Memory Corruption | |||||
| CVE-2013-7172 | 1 Slackware | 1 Slackware Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. | |||||
| CVE-2013-7089 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ClamAV before 0.97.7: dbg_printhex possible information leak | |||||
| CVE-2013-7053 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| D-Link DIR-100 4.03B07: cli.cgi CSRF | |||||