Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-1977 | 1 Openstack | 1 Devstack | 2024-08-06 | N/A |
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | ||||
CVE-2013-2007 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-06 | N/A |
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. | ||||
CVE-2013-1963 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors. | ||||
CVE-2013-2027 | 2 Jython Project, Opensuse | 2 Jython, Opensuse | 2024-08-06 | N/A |
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2013-1964 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | ||||
CVE-2013-2047 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | ||||
CVE-2013-1957 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. | ||||
CVE-2013-1973 | 1 Autocomplete Widgets Project | 1 Autocomplete Widgets | 2024-08-06 | N/A |
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors. | ||||
CVE-2013-2032 | 3 Fedoraproject, Gentoo, Mediawiki | 3 Fedora, Linux, Mediawiki | 2024-08-06 | N/A |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. | ||||
CVE-2013-2048 | 1 Owncloud | 1 Owncloud | 2024-08-06 | N/A |
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. | ||||
CVE-2013-1979 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2024-08-06 | N/A |
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. | ||||
CVE-2013-1956 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. | ||||
CVE-2013-1959 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. | ||||
CVE-2013-1958 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. | ||||
CVE-2013-1940 | 3 Canonical, Redhat, X | 3 Ubuntu Linux, Enterprise Linux, X.org-xserver | 2024-08-06 | N/A |
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. | ||||
CVE-2013-1903 | 1 Postgresql | 1 Postgresql | 2024-08-06 | N/A |
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors. | ||||
CVE-2013-1925 | 1 Chaos Tool Suite Project | 1 Ctools | 2024-08-06 | N/A |
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list. | ||||
CVE-2013-1920 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. | ||||
CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2024-08-06 | N/A |
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
CVE-2013-1922 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004. |