|
290941
|
- |
|
openvpn
opensuse
|
openvpn
openvpn_access_server
opensuse
|
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparis…
|
CWE-200
Information Exposure
|
CVE-2013-2061
|
2024-11-21 10:50 |
2013-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290942
|
- |
|
mediawiki
fedoraproject
gentoo
|
mediawiki
fedora
linux
|
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attacke…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2032
|
2024-11-21 10:50 |
2013-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290943
|
- |
|
gentoo
mediawiki
|
linux
mediawiki
|
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in …
|
CWE-79
Cross-site Scripting
|
CVE-2013-2031
|
2024-11-21 10:50 |
2013-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290944
|
- |
|
linux
|
linux_kernel
|
The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2058
|
2024-11-21 10:50 |
2013-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290945
|
- |
|
opensuse
ruby-lang
|
opensuse
ruby
|
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to byp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2065
|
2024-11-21 10:50 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290946
|
- |
|
mozilla
|
bugzilla
|
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1743
|
2024-11-21 10:50 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290947
|
- |
|
mozilla
|
bugzilla
|
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote att…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1742
|
2024-11-21 10:50 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290948
|
- |
|
mozilla
|
bugzilla
|
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers…
|
CWE-352
Origin Validation Error
|
CVE-2013-1734
|
2024-11-21 10:50 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290949
|
- |
|
mozilla
|
bugzilla
|
Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs…
|
CWE-352
Origin Validation Error
|
CVE-2013-1733
|
2024-11-21 10:50 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290950
|
- |
|
mozilla
|
network_security_services
|
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possib…
|
NVD-CWE-noinfo
|
CVE-2013-1739
|
2024-11-21 10:50 |
2013-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
