|
284881
|
- |
|
werner_baumann
|
davfs2
|
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4362
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284882
|
- |
|
openstack
fedoraproject
canonical
redhat
|
keystone
fedora
ubuntu_linux
openstack
|
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2013-4222
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284883
|
- |
|
emeric_vernat
|
javamelody
|
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4378
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284884
|
- |
|
apache
oracle
|
struts
mysql_enterprise_monitor
flexcube_private_banking
webcenter_sites
|
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
|
CWE-16
NVD-CWE-noinfo
CWE-284
Configuration
Improper Access Control
|
CVE-2013-4316
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284885
|
- |
|
jean-paul_calderone
canonical
|
pyopenssl
ubuntu_linux
|
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle a…
|
CWE-20
Improper Input Validation
|
CVE-2013-4314
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284886
|
- |
|
apache
|
struts
|
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4310
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284887
|
- |
|
redhat
|
libvirt
|
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4297
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284888
|
- |
|
redhat
canonical
|
libvirt
ubuntu_linux
enterprise_linux
|
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated u…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4296
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284889
|
- |
|
redhat
|
libvirt
|
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote…
|
CWE-399
Resource Management Errors
|
CVE-2013-4292
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284890
|
- |
|
redhat
|
libvirt
|
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4291
|
2024-11-21 10:55 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
