|
286191
|
9.8 |
CRITICAL
Network
|
dlitz
fedoraproject
|
pycrypto
fedora
|
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv p…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7459
|
2024-11-21 11:01 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286192
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7454
|
2024-11-21 11:01 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286193
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7453
|
2024-11-21 11:01 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286194
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7452
|
2024-11-21 11:01 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286195
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7451
|
2024-11-21 11:01 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286196
|
3.3 |
LOW
Local
|
redislabs
debian
|
redis
debian_linux
|
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
|
CWE-200
Information Exposure
|
CVE-2013-7458
|
2024-11-21 11:01 |
2016-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286197
|
7.6 |
HIGH
Network
|
libgd
|
libgd
|
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (…
|
CWE-125
Out-of-bounds Read
|
CVE-2013-7456
|
2024-11-21 11:01 |
2016-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286198
|
7.8 |
HIGH
Local
|
google
|
android
|
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
|
NVD-CWE-noinfo
|
CVE-2013-7457
|
2024-11-21 11:01 |
2016-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286199
|
5.9 |
MEDIUM
Network
|
python
|
python
|
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof serve…
|
CWE-19
Data Processing Errors
|
CVE-2013-7440
|
2024-11-21 11:01 |
2016-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286200
|
7.5 |
HIGH
Network
|
php
|
php
|
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage …
|
NVD-CWE-Other
|
CVE-2014-0236
|
2024-11-21 11:01 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
