|
290961
|
- |
|
xen
|
xen
|
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified o…
|
CWE-200
Information Exposure
|
CVE-2013-4355
|
2024-11-21 10:55 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290962
|
- |
|
redhat
|
jboss_enterprise_web_platform
jboss_enterprise_brms_platform
jboss_enterprise_soa_platform
jboss_enterprise_application_platform
|
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other prod…
|
NVD-CWE-noinfo
|
CVE-2013-4210
|
2024-11-21 10:55 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290963
|
- |
|
polarssl
|
polarssl
|
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to …
|
CWE-20
Improper Input Validation
|
CVE-2013-4623
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290964
|
- |
|
werner_baumann
|
davfs2
|
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4362
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290965
|
- |
|
openstack
fedoraproject
canonical
redhat
|
keystone
fedora
ubuntu_linux
openstack
|
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2013-4222
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290966
|
- |
|
emeric_vernat
|
javamelody
|
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4378
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290967
|
- |
|
apache
oracle
|
struts
mysql_enterprise_monitor
flexcube_private_banking
webcenter_sites
|
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
|
CWE-16
NVD-CWE-noinfo
CWE-284
Configuration
Improper Access Control
|
CVE-2013-4316
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290968
|
- |
|
jean-paul_calderone
canonical
|
pyopenssl
ubuntu_linux
|
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle a…
|
CWE-20
Improper Input Validation
|
CVE-2013-4314
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290969
|
- |
|
apache
|
struts
|
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4310
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290970
|
- |
|
redhat
|
libvirt
|
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4297
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
