|
285921
|
- |
|
openbsd
|
openssh
|
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4548
|
2024-11-21 10:55 |
2013-11-9 |
|
|
|
|
285922
|
7.5 |
HIGH
Network
|
lighttpd debian opensuse
|
lighttpd debian_linux opensuse
|
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obta…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2013-4508
|
2024-11-21 10:55 |
2013-11-8 |
|
|
|
|
285923
|
- |
|
openstack
|
havana grizzly folsom
|
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4497
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|
|
285924
|
- |
|
ldap-account-manager
|
ldap_account_manager
|
Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4453
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|
|
285925
|
- |
|
libguestfs suse novell
|
libguestfs suse_linux_enterprise_software_development_kit suse_linux_enterprise_server
|
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4419
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|
|
285926
|
- |
|
saltstack
|
salt
|
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4439
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|
|
285927
|
- |
|
saltstack
|
salt
|
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to …
|
CWE-94
Code Injection
|
CVE-2013-4438
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|
|
285928
|
- |
|
saltstack
|
salt
|
Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."
|
NVD-CWE-noinfo
|
CVE-2013-4437
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|
|
285929
|
- |
|
saltstack
|
salt
|
The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle …
|
CWE-20
Improper Input Validation
|
CVE-2013-4436
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|
|
285930
|
- |
|
saltstack
|
salt
|
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another rou…
|
CWE-287
Improper Authentication
|
CVE-2013-4435
|
2024-11-21 10:55 |
2013-11-6 |
|
|
|