|
294051
|
- |
|
pivotal_software
vmware
|
spring_framework
|
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitra…
|
CWE-352
CWE-611
Origin Validation Error
XXE
|
CVE-2013-6429
|
2024-11-21 10:59 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294052
|
- |
|
apple
canonical
|
cups
ubuntu_linux
|
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cup…
|
CWE-59
Link Following
|
CVE-2013-6891
|
2024-11-21 10:59 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294053
|
- |
|
yahoo
|
toolbar
|
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6853
|
2024-11-21 10:59 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294054
|
- |
|
redhat
|
libvirt
|
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify…
|
CWE-362
Race Condition
|
CVE-2013-6458
|
2024-11-21 10:59 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294055
|
- |
|
redhat
|
libvirt
|
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of se…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6457
|
2024-11-21 10:59 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294056
|
- |
|
redhat
|
enterprise_virtualization_manager
|
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6434
|
2024-11-21 10:59 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294057
|
- |
|
live555
videolan
|
streaming_media
vlc_media_player
|
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibl…
|
CWE-189
Numeric Errors
|
CVE-2013-6934
|
2024-11-21 10:59 |
2014-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294058
|
- |
|
live555
|
streaming_media
|
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service …
|
CWE-119
CWE-189
Incorrect Access of Indexable Resource ('Range Error')
Numeric Errors
|
CVE-2013-6933
|
2024-11-21 10:59 |
2014-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294059
|
- |
|
redhat
|
cloudforms
cloudforms_3.0_management_engine
|
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destruct…
|
CWE-352
Origin Validation Error
|
CVE-2013-6443
|
2024-11-21 10:59 |
2014-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294060
|
- |
|
redhat
|
jboss_seam_2_framework
|
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6448
|
2024-11-21 10:59 |
2014-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
