Total: 5231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2013-4596 | 1 Danielkorte | 1 Nodeaccesskeys | 2024-11-21 | 5.8 MEDIUM | N/A | The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
CVE-2013-4577 | 1 Gnu | 1 Grub | 2024-11-21 | 2.1 LOW | N/A | A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
CVE-2013-4566 | 2 Mod Nss Project, Redhat | 2 Mod Nss, Enterprise Linux | 2024-11-21 | 4.0 MEDIUM | N/A | mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
CVE-2013-4559 | 3 Debian, Lighttpd, Opensuse | 3 Debian Linux, Lighttpd, Opensuse | 2024-11-21 | 7.6 HIGH | N/A | lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
CVE-2013-4554 | 1 Xen | 1 Xen | 2024-11-21 | 5.2 MEDIUM | N/A | Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.
CVE-2013-4548 | 1 Openbsd | 1 Openssh | 2024-11-21 | 6.0 MEDIUM | N/A | The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
CVE-2013-4505 | 1 Apache | 2 Mod Dontdothat, Subversion | 2024-11-21 | 2.6 LOW | N/A | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
CVE-2013-4504 | 2 Drupal, Monster Menus Module Project | 2 Drupal, Monster Menus | 2024-11-21 | 2.6 LOW | N/A | The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
CVE-2013-4502 | 2 Drupal, Nathan Haug | 2 Drupal, Filefield Sources | 2024-11-21 | 4.0 MEDIUM | N/A | The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.
CVE-2013-4501 | 1 Quiz Module Project | 1 Quiz | 2024-11-21 | 5.0 MEDIUM | N/A | The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allow remote attackers to obtain sensitive quiz results via unspecified vectors.
CVE-2013-4500 | 1 Quiz Module Project | 1 Quiz | 2024-11-21 | 4.9 MEDIUM | N/A | The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete option.
CVE-2013-4498 | 2 Drupal, Florian Weber | 2 Drupal, Spaces | 2024-11-21 | 2.1 LOW | N/A | The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.
CVE-2013-4497 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2024-11-21 | 6.4 MEDIUM | N/A | The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
CVE-2013-4477 | 1 Openstack | 2 Grizzly, Havana | 2024-11-21 | 3.3 LOW | N/A | The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
CVE-2013-4475 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-11-21 | 4.0 MEDIUM | N/A | Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
CVE-2013-4470 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.9 MEDIUM | N/A | The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
CVE-2013-4459 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2024-11-21 | 3.3 LOW | N/A | LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
CVE-2013-4455 | 1 Katello | 1 Katello Installer | 2024-11-21 | 2.1 LOW | N/A | Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
CVE-2013-4452 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 2.1 LOW | N/A | Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.
CVE-2013-4451 | 1 Gitolite | 1 Gitolite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.