|
284591
|
7.8 |
HIGH
Local
|
ovirt
|
ovirt-engine
|
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2013-4367
|
2024-11-21 10:55 |
2019-11-2 |
|
284592
|
9.8 |
CRITICAL
Network
|
gitolite
|
gitolite
|
gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/rep…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4451
|
2024-11-21 10:55 |
2018-09-22 |
|
284593
|
3.3 |
LOW
Local
|
redhat
|
automatic_bug_reporting_tool
|
Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.
|
CWE-200
Information Exposure
|
CVE-2013-4209
|
2024-11-21 10:55 |
2018-05-2 |
|
284594
|
4.3 |
MEDIUM
Network
|
katello
|
katello
|
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
|
CWE-275
Permission Issues
|
CVE-2013-4201
|
2024-11-21 10:55 |
2018-05-2 |
|
284595
|
4.3 |
MEDIUM
Network
|
apache
|
cloudstack
|
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their…
|
CWE-200
Information Exposure
|
CVE-2013-4317
|
2024-11-21 10:55 |
2018-02-6 |
|
284596
|
7.8 |
HIGH
Local
|
redhat
|
openshift
|
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink atta…
|
CWE-59
Link Following
|
CVE-2013-4364
|
2024-11-21 10:55 |
2018-01-9 |
|
284597
|
5.3 |
MEDIUM
Network
|
oracle
|
jre jdk
|
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper fi…
|
CWE-74
Injection
|
CVE-2013-4578
|
2024-11-21 10:55 |
2017-12-30 |
|
284598
|
9.8 |
CRITICAL
Network
|
apache
|
httpclient
|
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors in…
|
CWE-20
Improper Input Validation
|
CVE-2013-4366
|
2024-11-21 10:55 |
2017-10-31 |
|
284599
|
8.8 |
HIGH
Network
|
apache
|
subversion
|
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive i…
|
CWE-284
Improper Access Control
|
CVE-2013-4246
|
2024-11-21 10:55 |
2017-10-30 |
|
284600
|
6.2 |
MEDIUM
Local
|
oracle linux
|
linux linux_kernel
|
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, r…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4312
|
2024-11-21 10:55 |
2016-02-8 |