Total: 5119 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2032 | 3 Fedoraproject, Gentoo, Mediawiki | 3 Fedora, Linux, Mediawiki | 2024-11-21 | 5.0 MEDIUM | N/A |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. | |||||
CVE-2013-2028 | 2 F5, Fedoraproject | 2 Nginx, Fedora | 2024-11-21 | 7.5 HIGH | N/A |
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. | |||||
CVE-2013-2014 | 2 Fedoraproject, Openstack | 2 Fedora, Keystone | 2024-11-21 | 5.0 MEDIUM | N/A |
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | |||||
CVE-2013-1931 | 2 Fedoraproject, Mantisbt | 2 Fedora, Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | |||||
CVE-2013-1930 | 2 Fedoraproject, Mantisbt | 2 Fedora, Mantisbt | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
MantisBT 1.2.12 before 1.2.15 allows authenticated users to bypass the workflow restriction and close issues. | |||||
CVE-2013-1915 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. | |||||
CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | |||||
CVE-2013-1888 | 2 Fedoraproject, Pypa | 2 Fedora, Pip | 2024-11-21 | 2.1 LOW | N/A |
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. | |||||
CVE-2013-1830 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.0 MEDIUM | N/A |
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. | |||||
CVE-2013-1820 | 2 Fedoraproject, Redhat | 2 Fedora, Tuned | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | |||||
CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |||||
CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | |||||
CVE-2013-1812 | 2 Fedoraproject, Janrain | 2 Fedora, Ruby-openid | 2024-11-21 | 4.3 MEDIUM | N/A |
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. | |||||
CVE-2013-1437 | 2 Fedoraproject, Module-metadata Project | 2 Fedora, Module-metadata | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | |||||
CVE-2013-1416 | 4 Fedoraproject, Mit, Opensuse and 1 more | 8 Fedora, Kerberos 5, Opensuse and 5 more | 2024-11-21 | 4.0 MEDIUM | N/A |
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. | |||||
CVE-2013-0348 | 5 Acme, Fedoraproject, Gentoo and 2 more | 5 Thttpd, Fedora, Linux and 2 more | 2024-11-21 | 2.1 LOW | N/A |
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2013-0334 | 3 Bundler, Fedoraproject, Opensuse | 3 Bundler, Fedora, Opensuse | 2024-11-21 | 5.0 MEDIUM | N/A |
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. | |||||
CVE-2013-0294 | 2 Fedoraproject, Pyrad Project | 2 Fedora, Pyrad | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | |||||
CVE-2013-0237 | 3 Fedoraproject, Moxiecode, Wordpress | 3 Fedora, Plupload, Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2013-0211 | 5 Canonical, Fedoraproject, Freebsd and 2 more | 5 Ubuntu Linux, Fedora, Freebsd and 2 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | |||||