|
290211
|
- |
|
qemu
opensuse
redhat
canonical
|
qemu
opensuse
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
virtualization
ubuntu_linux
|
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a R…
|
CWE-120
Classic Buffer Overflow
|
CVE-2013-4344
|
2024-11-21 10:55 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290212
|
- |
|
apache
|
camel
|
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName …
|
CWE-94
Code Injection
|
CVE-2013-4330
|
2024-11-21 10:55 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290213
|
- |
|
djangoproject
|
django
|
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4249
|
2024-11-21 10:55 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290214
|
- |
|
systemd_project
debian
canonical
|
systemd
debian_linux
ubuntu_linux
|
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race con…
|
CWE-362
Race Condition
|
CVE-2013-4327
|
2024-11-21 10:55 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290215
|
- |
|
lennart_poettering
redhat
|
rkit
enterprise_linux
|
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Po…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4326
|
2024-11-21 10:55 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290216
|
- |
|
spice-gtk_project
redhat
|
spice-gtk
enterprise_linux
|
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4324
|
2024-11-21 10:55 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290217
|
- |
|
redhat
canonical
|
libvirt
ubuntu_linux
enterprise_linux
|
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4311
|
2024-11-21 10:55 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290218
|
- |
|
opensuse
polkit_project
canonical
redhat
|
opensuse
polkit
ubuntu_linux
enterprise_linux
|
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is perf…
|
CWE-362
Race Condition
|
CVE-2013-4288
|
2024-11-21 10:55 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290219
|
- |
|
xen
|
xen
|
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by r…
|
CWE-200
Information Exposure
|
CVE-2013-4361
|
2024-11-21 10:55 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290220
|
- |
|
xen
|
xen
|
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified o…
|
CWE-200
Information Exposure
|
CVE-2013-4355
|
2024-11-21 10:55 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
