|
284871
|
- |
|
djangoproject
|
django
|
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4249
|
2024-11-21 10:55 |
2013-10-5 |
|
284872
|
- |
|
systemd_project debian canonical
|
systemd debian_linux ubuntu_linux
|
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race con…
|
CWE-362
Race Condition
|
CVE-2013-4327
|
2024-11-21 10:55 |
2013-10-4 |
|
284873
|
- |
|
lennart_poettering redhat
|
rkit enterprise_linux
|
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Po…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4326
|
2024-11-21 10:55 |
2013-10-4 |
|
284874
|
- |
|
spice-gtk_project redhat
|
spice-gtk enterprise_linux
|
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4324
|
2024-11-21 10:55 |
2013-10-4 |
|
284875
|
- |
|
redhat canonical
|
libvirt ubuntu_linux enterprise_linux
|
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4311
|
2024-11-21 10:55 |
2013-10-4 |
|
284876
|
- |
|
opensuse polkit_project canonical redhat
|
opensuse polkit ubuntu_linux enterprise_linux
|
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is perf…
|
CWE-362
Race Condition
|
CVE-2013-4288
|
2024-11-21 10:55 |
2013-10-4 |
|
284877
|
- |
|
xen
|
xen
|
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by r…
|
CWE-200
Information Exposure
|
CVE-2013-4361
|
2024-11-21 10:55 |
2013-10-2 |
|
284878
|
- |
|
xen
|
xen
|
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified o…
|
CWE-200
Information Exposure
|
CVE-2013-4355
|
2024-11-21 10:55 |
2013-10-2 |
|
284879
|
- |
|
redhat
|
jboss_enterprise_web_platform jboss_enterprise_brms_platform jboss_enterprise_soa_platform jboss_enterprise_application_platform
|
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other prod…
|
NVD-CWE-noinfo
|
CVE-2013-4210
|
2024-11-21 10:55 |
2013-10-2 |
|
284880
|
- |
|
polarssl
|
polarssl
|
The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to …
|
CWE-20
Improper Input Validation
|
CVE-2013-4623
|
2024-11-21 10:55 |
2013-10-1 |
|