|
283331
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7451
|
2024-11-21 11:01 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283332
|
3.3 |
LOW
Local
|
redislabs
debian
|
redis
debian_linux
|
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
|
CWE-200
Information Exposure
|
CVE-2013-7458
|
2024-11-21 11:01 |
2016-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283333
|
7.6 |
HIGH
Network
|
libgd
|
libgd
|
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (…
|
CWE-125
Out-of-bounds Read
|
CVE-2013-7456
|
2024-11-21 11:01 |
2016-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283334
|
7.8 |
HIGH
Local
|
google
|
android
|
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
|
NVD-CWE-noinfo
|
CVE-2013-7457
|
2024-11-21 11:01 |
2016-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283335
|
5.9 |
MEDIUM
Network
|
python
|
python
|
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof serve…
|
CWE-19
Data Processing Errors
|
CVE-2013-7440
|
2024-11-21 11:01 |
2016-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283336
|
7.5 |
HIGH
Network
|
php
|
php
|
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage …
|
NVD-CWE-Other
|
CVE-2014-0236
|
2024-11-21 11:01 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283337
|
9.8 |
CRITICAL
Network
|
littlecms
|
little_cms_color_engine
|
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that t…
|
NVD-CWE-Other
|
CVE-2013-7455
|
2024-11-21 11:01 |
2016-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283338
|
6.5 |
MEDIUM
Network
|
canonical
xchat
hexchat_project
|
ubuntu_linux
xchat
xchat_gnome
hexchat
|
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows m…
|
CWE-310
Cryptographic Issues
|
CVE-2013-7449
|
2024-11-21 11:01 |
2016-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283339
|
7.5 |
HIGH
Network
|
debian
didiwiki_project
|
debian_linux
didiwiki
|
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
|
CWE-22
Path Traversal
|
CVE-2013-7448
|
2024-11-21 11:01 |
2016-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283340
|
6.5 |
MEDIUM
Network
|
canonical
samsung
|
ubuntu_linux
x14j_firmware
|
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, all…
|
NVD-CWE-Other
|
CVE-2013-7447
|
2024-11-21 11:01 |
2016-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
