Total
8277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6393 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | |||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | |||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | |||||
| CVE-2013-6049 | 2 Apt-listbugs Project, Debian | 2 Apt-listbugs, Debian Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2013-5891 | 5 Canonical, Debian, Mariadb and 2 more | 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more | 2024-11-21 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | |||||
| CVE-2013-5807 | 5 Canonical, Debian, Mariadb and 2 more | 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more | 2024-11-21 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication. | |||||
| CVE-2013-5705 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2024-11-21 | 5.0 MEDIUM | N/A |
| apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. | |||||
| CVE-2013-5653 | 2 Artifex, Debian | 2 Afpl Ghostscript, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |||||
| CVE-2013-5589 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||
| CVE-2013-4969 | 4 Canonical, Debian, Puppet and 1 more | 4 Ubuntu Linux, Debian Linux, Puppet Enterprise and 1 more | 2024-11-21 | 2.1 LOW | N/A |
| Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | |||||
| CVE-2013-4852 | 5 Debian, Opensuse, Putty and 2 more | 5 Debian Linux, Opensuse, Putty and 2 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-4590 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Solaris | 2024-11-21 | 4.3 MEDIUM | N/A |
| Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-4584 | 2 Debian, Horms | 2 Debian Linux, Perdition | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections | |||||
| CVE-2013-4560 | 3 Debian, Lighttpd, Opensuse | 3 Debian Linux, Lighttpd, Opensuse | 2024-11-21 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. | |||||
| CVE-2013-4559 | 3 Debian, Lighttpd, Opensuse | 3 Debian Linux, Lighttpd, Opensuse | 2024-11-21 | 7.6 HIGH | N/A |
| lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. | |||||
| CVE-2013-4532 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | |||||
| CVE-2013-4508 | 3 Debian, Lighttpd, Opensuse | 3 Debian Linux, Lighttpd, Opensuse | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4494 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 5.2 MEDIUM | N/A |
| Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. | |||||